hxxp://iili[.]io

Analysis

max time kernel
4s
max time network
36s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-03-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://iili.io

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1640
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1640
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1640
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1639
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1645
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1645
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1644
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1644
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1643
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1643
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1642
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1642
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1646
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1646
Changes the process name, possibly in an attempt to hide itself	Timer	1641
Changes the process name, possibly in an attempt to hide itself	Timer	1641
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1648
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1648
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1650
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1650
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1651
Changes the process name, possibly in an attempt to hide itself	Cookie	1652
Changes the process name, possibly in an attempt to hide itself	Cookie	1652
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1653
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1653
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1655
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1654
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1656
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1656
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1657
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1657
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1658
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1658
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1661
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1661
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1660
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1660
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1659
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1663
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1663
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1662
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1664
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1668
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1668
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1667
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1667
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1666
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1666
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1665
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1665
Changes the process name, possibly in an attempt to hide itself	MainThread	1662	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1670
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1670
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1670
Changes the process name, possibly in an attempt to hide itself	FSBroker1662	1671
Changes the process name, possibly in an attempt to hide itself	FSBroker1662	1671
Changes the process name, possibly in an attempt to hide itself	Socket Process	1662	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1672
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1672
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1673
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1673
Changes the process name, possibly in an attempt to hide itself	Timer	1675
Changes the process name, possibly in an attempt to hide itself	Timer	1675
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1674

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc	process
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/places.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/bookmarkbackups
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/times.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/favicons.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/ExperimentStoreData.json
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/favicons.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxdbus-daemonfirefox

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/devices/system/cpu	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxfirefoxdbus-daemonfirefoxfirefoxxdg-desktop-portal-gtkfirefoxsedxdg-permission-storesedsedgvfsd-fusefirefoxxdg-desktop-portalxdg-document-portalgvfsdsedsed

description	ioc	process
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/fd/112	firefox
File opened for reading	/proc/self/task/1810/stat
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/self/task/1669/stat
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/self/fd/29	firefox
File opened for reading	/proc/1710/cmdline
File opened for reading	/proc/self/task/1767/stat
File opened for reading	/proc/1550/status
File opened for reading	/proc/1550/attr/current
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1690/cmdline
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/task/1635/stat
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/self/task/1744/stat
File opened for reading	/proc/1738/smaps
File opened for reading	/proc/self/task/1792/stat
File opened for reading	/proc/1789/smaps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/115	firefox
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/52	firefox
File opened for reading	/proc/1760/statm
File opened for reading	/proc/1545/cmdline
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/77	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/1681/cmdline
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/1567/cmdline
File opened for reading	/proc/1633/cmdline
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1789/statm
File opened for reading	/proc/self/fd
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/1686/cmdline
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1806/statm

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open http://iili.io
1⤵
PID:1544

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1545

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1546

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1552

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1551

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1554

/usr/bin/xprop
xprop -root
2⤵
PID:1553

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1556

/bin/uname
uname
2⤵
PID:1557

/bin/grep
grep -q "^file://"
2⤵
PID:1559

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1561

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/http
2⤵
PID:1566

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1567

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1568

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1570

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1569

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1572

/usr/bin/xprop
xprop -root
3⤵
PID:1571

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1574

/bin/uname
uname
3⤵
PID:1575

/usr/bin/which
which firefox
2⤵
PID:1618

/usr/bin/firefox
/usr/bin/firefox http://iili.io
2⤵
PID:1633

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1634

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox http://iili.io
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1633

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1638

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1678

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1678

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1678

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1678

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1548

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1564

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1578

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1583

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1582

/usr/bin/head
head -n 1
1⤵
PID:1581

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1580

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1588

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1587

/usr/bin/head
head -n 1
1⤵
PID:1586

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1585

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1593

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1592

/usr/bin/head
head -n 1
1⤵
PID:1591

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1590

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1598

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1597

/usr/bin/head
head -n 1
1⤵
PID:1596

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1595

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1603

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1602

/usr/bin/head
head -n 1
1⤵
PID:1601

/bin/grep
grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1600

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1606

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1609

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1612

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1617

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1624

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1627

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1632

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1649

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{62b8675a-27ae-4ff2-a23d-3c8799b32fd9}" 1633 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1662

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1681

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1686

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1690

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:1701

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
- Reads runtime system information
PID:1705

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1710

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{b9c0d735-b328-4d92-b86f-2ee262186646}" 1633 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1738

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{3666684e-934e-4047-b248-8c33d4c0cd61}" 1633 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1760

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21767 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{39268229-10f0-4227-9078-0d3977b57a10}" 1633 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1789

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{acd95caf-81f9-485d-a468-72070dfa6799}" 1633 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1806

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
885bf69dc0168f3624435346d7bf4836

SHA1
167d40b282fa3ab3a759bebaa971561c07cf03f4

SHA256
319d204b93d0584bd3aa878e2e07d51b06fe3e1d4396fc3293e318677d335524

SHA512
a502afbcd9a91923f6803c8ec1e299d80789ff1afad9288bc47f3b599030c2f642409b6b7869e05057b7916e028594260b0e27afff88b39c7d3550038d6fbfda

Download Submit
/root/.cache/mozilla/firefox/1i5j3njt.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
9cb4710f2a37fec6fcb8fc0178cc922a

SHA1
aac5b203b771b4320a1734a1c4e4dc7ea0b80a48

SHA256
2f42e8b6444283d51cd95b6237b3dd540344f52ee552de9b1fd146b077a35530

SHA512
1120b69acd7a0ae499586c95d647690c53f16416604f45a9a1c5a79c4e5faa54d94d321f761e7c1cde799230fc8de5779c7e28ebf571b88a79302be9aacbee2d

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
c88f9a971747c552670dcc506bab56b2

SHA1
ade16271e3182d5701a06a659477ebdd1a2f34cc

SHA256
8c1e063dbdf6791e860afbe021da9c07e3a8c5f79ccc5ba47ad11483835ffe35

SHA512
78e65d77a87da56d2e954c3b55be5fc36786ec42d4015dfc7faa2368229c153267ff62d326a10897d5930ec635ce5a8d7a708a8df5ad921ba57b2442a8a9c580

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db
Filesize
224KB

MD5
f6cf6fc89c9cfde5e678ab21cfa80383

SHA1
92bd656924aa813ecbc03101de77d242d5071596

SHA256
f74ded87a73d0b04f65c78f37bf690313be0012e1a3ea266f1ea2972ddaf9bb9

SHA512
3322f9112226cf81bb408bc30b27ab1a9f425d7567657b514e21bac29b54a4e3a4ea4822ae7abfb6037d85bb7c09e4b74f1550ce20c0c88b1430d4e4f34b7bc5

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db
Filesize
224KB

MD5
c6c7d68f67e874a9aa822486f411660d

SHA1
052ae81adfaf4dc0e22db678a04c242b20328e08

SHA256
d10e392f34fb35d21f205423483baae43ba9abd5d02039e42b557dcb3f197e32

SHA512
dc85e09023313102215e7334ebd852c31af6831a6bb1421e2a94ae1190d881f990dd03ab2e3f438c6931a87660ff6dd965087f4c0cca7510f98ca5fa4a4007ab

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/cert9.db
Filesize
224KB

MD5
263c4bc994701574d8d80cf9866ae7bc

SHA1
86976b4c74b15449749dbf5b7be7e596ecc1c98c

SHA256
2dd6d609e5465155a8394c7152d5b0e4e5dc2f50a994d64a0788078a5e31df11

SHA512
e3dd3143e0a17d4de2fc2f52d758caacce8ef09b1b89c1e6596c9379eb8699b567633ea574f4743eca510c70a79ad07cdc3f68c7b787ec1c06b5c59d154ee28e

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/favicons.sqlite
Filesize
224KB

MD5
3c0a1ec298284608bfa51081ea539be3

SHA1
e51b58f6fe89d45fd8a1d935b51da172d5f6f32e

SHA256
34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2

SHA512
8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/key4.db
Filesize
288KB

MD5
36fb2a6df8df1364af9e541b28e4913f

SHA1
61af6211477ad9489ee42834c6f1fe85405663a8

SHA256
6603fb950bd2697866f7907b4fce78c8743fb55a9e322beba5b37361a568d91d

SHA512
1c60a67333fca32ad3daff07d6a459d9277caf0fe72dfc35c2cefbaccec002c8d2a5a396e74ba067def0de4c5ca1c2fda0017adcd53f4505b91457187d6e4117

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/permissions.sqlite
Filesize
96KB

MD5
232fbc22dd03a8ec41edde02bdbea61c

SHA1
6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6

SHA256
d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0

SHA512
055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/places.sqlite
Filesize
1.3MB

MD5
24d0ee4c1efb55555b11d8bdbdfdd9a6

SHA1
1e5de4ca26b7dcc984d795e4c95b272f294cee0a

SHA256
b9422511cae0fce6907218c7012d8fd2d6c90ab334e2ed054636f6a0d8570771

SHA512
8de5c98d1db4574db2c7e866538e002855a537be5786f0d1b6853f47c1bc92d36ca73f54dca145f5b277f13619cf60b5ab60530380e86fcea30fb9e7ea04a495

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/prefs-1.js
Filesize
2KB

MD5
ee28eaa3ec5fd1a494be1b66f7aa610a

SHA1
3e43987d46c968b50cec493e45c7f98aa9c18cce

SHA256
a7dc316ad3faea60166d878be14f93924ce03765ed823b4e8c203bd9a8edfa92

SHA512
e7318d38c6b16141f555a330fe9c8bcea8123d91dfaf18d4f2de7a0af39454c9842369ded25b79c2d61ea2270f153e13c13cc78990c2c739c2b98f033ac724ba

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/prefs-1.js
Filesize
2KB

MD5
8c8880ac1b485e7a2497b633f290c5be

SHA1
6c72bfc9b102020e570511195b71b95caf5bc881

SHA256
6606a04413fffe1928aaa9c9eec7a18003997c2fadb613b1fd18e1f26ee704f0

SHA512
99e462f80a4b8fcb2cfed08584bbd77cb8d1e133acf2484a2f7be6ecc621792c7d09ad8d9eb4ae7be2ae136ee768719227e5f3c596a54e9df2bce8db2ace396b

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/prefs-1.js
Filesize
3KB

MD5
40e6052247abbb24b36a0e26f8a065e4

SHA1
a224b7766b60ac4d0aa8264b47cd456c862062d7

SHA256
edfa2f715604da09e7e738a01c7c9c1aaadb198eb04df4d69ec79851555e4924

SHA512
c3bd587ad32ea76396c6b71383264d41dcc4c346c47409b0c0ff1758e7b29d2a75dfc93171d2cbf8c0141968b9a4bfd99e57d06780a508bd658315cdca49f4d5

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/prefs-1.js
Filesize
4KB

MD5
fecf529f20f0adc2b695fefc6455246f

SHA1
81f397e8ee2f2735c0cf08e723bfee8333ea46a2

SHA256
504bbb1351bd69f17344052da244146643437f8e3eaf4ca1c4fa7df39910df01

SHA512
5b15018d52cfed9f1bc501eea9a58460261dae8373005a119b3db01cdf46c14ebd097401956519cd2c4710b77513260f0731953a02a588d0c4ad8ee29daa052a

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/prefs.js
Filesize
1KB

MD5
88712db15c75a02096332db7fbedc769

SHA1
aa8467be55b44db1e890ff8d5abb762d95540955

SHA256
609b1e2264ce2c4dfe3b60419278d8f64fa491e3970968f6959be8a30db5603b

SHA512
a423c1e946182be703414f7aa76c20aaea6ec6ca175fd77cb38159847e9e462047f6471f8a9d5350b4cc88aea6c30756da731df9f78c90651b8f3714df39f384

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
fb4a2184db2f6fa4e149efcd475cae0a

SHA1
4dcab6fa4795e6b63bd71c231a06fc45531ed919

SHA256
a60a4878ea7a3299fbc87707fcd90fac68f790f9c150c769e9c8d4ca0e2c1fbd

SHA512
8bceb5872b6c66e8fc21797a4997abbe00a20678849df618176327a7a9b1368ff69540bb37f496fdfa0ff692e7568e87303dcc4ba996601cb589b2320ccbd7c1

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
a8dd7ebaad5528b23f82ccb1534cea18

SHA1
600daceacfb5cf9df0b66ba7dce4516b2ac4df70

SHA256
e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec

SHA512
67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
5d681798db725c4196c9900d9f2e685e

SHA1
d7c34ba56a12587cc97f37fc0cf65c5f14b4fbcb

SHA256
3e7b29e5a0e5e3512f4dee1fbbe11ff511706047664195b7ca0e808bb3066247

SHA512
93bff13620a81b5df17059d7f83483be4bcbff09b55748479be74e51a5a4d7cffbeff8566ff7e3b3a634c8e3d5bbcbd6d8fc2e8a0d49eb4168996dad1dcf57cd

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
7352c8848e88edc39b7fb5e663888187

SHA1
8c3dffe25cc56c7aec1b782292d6fceed81e6304

SHA256
7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a

SHA512
f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
12KB

MD5
f8e0dc936e54606870a28d525a5a4395

SHA1
34cde71aeb47191ea3ebb67e25fe663ff3cf0a51

SHA256
e0444f7e63f8d8b00a07848bdbaaef9a813690fbc7cb77c526fbcf9b4189fff6

SHA512
9db51bee4eaeb089967bf73f858cac4011c56df7057886fa7f889c0f9ddf199098b112cf84936990dac4a38affeef9ed3322d25b84a478002668d510fdfcb771

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
30e26269eafbf5ceb8df9f7dc775b9e0

SHA1
05b5d24a48e35f46bc9c3dea03b95cf5d766dbe0

SHA256
e43d9ed63593f42f6c9bec0c9793fd82ac6c1871ad7ad5f4cf0162f6a779bfc6

SHA512
2ad359e850676dd6ab97798ff8457d238c52cd7d41ccc585c8fbae82c278994c8e31d4073164b0a0bbaddd12275792bd8b9dd99532bc84f3daee27f9be13a112

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
7307ff9b011306d222442b186dbc8ea6

SHA1
2bfc3a84225ff5f16a6589a4c1b670fb36a15ea1

SHA256
fa447d04acba032cafc1abfa954ff3d9f4bbc7097af1e932728a8529e9c00554

SHA512
6d3abf20e87943f8df47d2b8e617697667fdc9fc29c4429bc177809c8045937f508eb7e9c5005109c39be94194860efef51fa105c0a3fff34627aeea5deb3b77

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
16b6f6464c68b811306be1cbb394db45

SHA1
e424247ce578d221901ba9571ff173998be99211

SHA256
3925102e0349ce24a6dbe78a4a806d72b93e2f608c45d29c203e3f761c5bce04

SHA512
37866c602d9e50ab2839674d96b66c15df7f43ebbf5ac191376f5ee837674ad5e2db7eed72063595c1368fad3d1f17389353b219a4f1f81c5742263dfc864b5b

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
5eecccc2b36b10967650667c11b202d6

SHA1
5cbfd79d879c6d1dba3dd5a2f8a6cd5f99fb99c5

SHA256
88518e37dd0872de204d53bc6c9187e64ee714c513893615a29ea8f0dec6aa44

SHA512
b6aa29ea9c7b29ee46609c5fdb1166f200ba78c7bd642aa5176ac93949ee3b3bf468239988fafb80d8ec33a477d90bdfbe0020ef16518028f3ee093e53d468f8

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
168KB

MD5
e87498f20e6ffb24c100b389c9186fd6

SHA1
919ac3ffd22845e2ed3bf53ff974ab495d0a7c73

SHA256
98fb2b81377690e84819f72cb58f02505856485830b2bb98c5f1e3b4804013d0

SHA512
706619b456d5beba0308ca27ff3e011c844aea05ad99ae3a572748c8dbb20e9992be624609ca1cb56ff82f29181c9b1e95b9ce7032601db4c24d2e13e5d454e7

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
232KB

MD5
acf01119af3ee0d161b6e1049e26f195

SHA1
8bc33819ec10dae13e2ff134ad511eab20b6c1cd

SHA256
e1998c974705b8d904597e177b52c35f5d66b635fe71441941000bc7cfc675f2

SHA512
cb015e43fb40912970f77491b51c56099fb889e4eea4920e758081e207589a13c7c65ef556735ad7ca5fd90fef9ed3e86907f7f12570d07f8fc83f313fbef2dc

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/times.json
Filesize
50B

MD5
7343d29b33fe7160faccb250ca7525ab

SHA1
1c59a1741f3aa95201ef89a497fc0e1abf495e07

SHA256
3ea5dc0323a443374e596ab31cdfdedb986d4aa5ce2c9c1d5f8d55d127ff753c

SHA512
ee534a3e7c763e4a4fa27dbc5a1ab4423ab49d6522bbe9d5690b7584ef806cc158325cdbe9a68a7b75f71c5bae781bd87bdf9e6eaf7c7dcc8464ca88a2fa1ab4

Download Submit
/root/.mozilla/firefox/1i5j3njt.default-release/times.json
Filesize
47B

MD5
828be4aee898837233c50c96acfae328

SHA1
50f13d4d2043849ebfb7834a4b9bf9da5f1f1518

SHA256
9c75dbf4cf3d67c715a610bc5460a646a57d631f0220aafb2863c34399fb3c8c

SHA512
c0be397c1a53f592310ae51294f68ab2f83c80ee600164c91517d6e4c4f87e08e2b4a7e46ceb2154bf1b7ac83d824c3ac0b10b8bc8d8af6d03622e08cbd1c069

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
d17fc9d752361da9bd455fb65cf02834

SHA1
d2db99839f4ac9a2d415d4b2295fd471ebbd852c

SHA256
7713059926d799b59ee1e1b762fd28bca3d656d707b67c0f2d6e242797b3266d

SHA512
588e44527e8d94b18540f8503ca858454e429fd36d4a6df75f125d8b8ab251d5ee96789f00540ec8037541db6360e3ef69a5367450e2f5a7f71f7ce35e86277e

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
c5844221d121f0fb911e69b7713e48e1

SHA1
9cbc3a08d525a2908e579e294d0b24258ac83d7c

SHA256
1c81d1b022cc9122e83012290da506487ba64f42a2af9672a418cb59f371843e

SHA512
40e63ee909e476a532a6687d688dade41c7cb87f3816fd6040c74b527a695d31226948e5549f53bbf9108c86d305e9a4f5f856c8cfec99ce17b2a52f94b63ebf

Download Submit
/root/.mozilla/firefox/l7kb1gw4.default/times.json
Filesize
47B

MD5
7a3aacb3de91cf291b5dbb98a5866329

SHA1
d84cacd29c490cdd292e52e57e1696c795b16c1c

SHA256
96f8901c2b4dd845b995defb3cf0274b4733af41d988136d198f7e83d0c7e098

SHA512
078c5d9fa141c5011a72256a639d42a01e11608f908d2d9e9ee5c8095b874de8eafd07be43d7279da937bb25f58ee9ad787c409015b2b821701b22e013a667e4

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
e42859d54ff90ecc1a82afa97607dcbd

SHA1
eefd348d1f0494769beee2041d39b390e22ca202

SHA256
4808eb5fe49df62fb575f0736ae692147cfff7baa9a226ff9eeafbf458c23bb4

SHA512
c40ac1b902f76c21d7d2661b9ec28010dd5b7c586c3803cd8209fe929d37502fe042b55999c9c14c5a91d011a56f364ad0200c32ffbe703100a5c58fc31c9f63

Download Submit