hxxp://something

Analysis

max time kernel
4s
max time network
113s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
28-03-2024 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://something

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1633
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1633
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1633
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1632
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1638
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1638
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1637
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1637
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1636
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1636
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1639
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1639
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1635
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1635
Changes the process name, possibly in an attempt to hide itself	Timer	1634
Changes the process name, possibly in an attempt to hide itself	Timer	1634
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1641
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1641
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1643
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1643
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1644
Changes the process name, possibly in an attempt to hide itself	Cookie	1645
Changes the process name, possibly in an attempt to hide itself	Cookie	1645
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1646
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1646
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1648
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1647
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1649
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1649
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1650
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1650
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1656
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1656
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1662
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1662
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1661
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1661
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1660
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1663
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1664
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1664
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1665
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1671
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1671
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1670
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1670
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1669
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1669
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1668
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1668
Changes the process name, possibly in an attempt to hide itself	MainThread	1663	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1673
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1673
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1673
Changes the process name, possibly in an attempt to hide itself	FSBroker1663	1674
Changes the process name, possibly in an attempt to hide itself	FSBroker1663	1674
Changes the process name, possibly in an attempt to hide itself	Socket Process	1663	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1675
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1675
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1676
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1676
Changes the process name, possibly in an attempt to hide itself	Timer	1678
Changes the process name, possibly in an attempt to hide itself	Timer	1678
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1677

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc	process
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/default
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/favicons.sqlite-wal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/places.sqlite-wal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/extension-settings.json
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/favicons.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/places.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/temporary
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/places.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/favicons.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/favicons.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/content-prefs.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/ExperimentStoreData.json
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/places.sqlite
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release
File opened for reading	/root/.mozilla/firefox/uss0xg4o.default-release/shield-preference-experiments.json

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxdbus-daemonfirefoxfirefoxfirefox

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

sedfirefoxfirefoxfirefoxsedgvfsd-fusefirefoxseddbus-daemongvfsdsedxdg-permission-storexdg-document-portalfirefoxsed

description	ioc
File opened for reading	/proc/self/fd
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1760/statm
File opened for reading	/proc/self/fd/111	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1760/smaps
File opened for reading	/proc/self/task/1628/stat
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/1684/cmdline
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/1543/status
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/29	firefox
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/self/task/1808/stat
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/task/1767/stat
File opened for reading	/proc/1560/cmdline
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/1689/cmdline
File opened for reading	/proc/1693/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1738/statm
File opened for reading	/proc/1538/cmdline
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1626/cmdline
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/1738/smaps
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/1708/cmdline
File opened for reading	/proc/self/fd/102	firefox
File opened for reading	/proc/self/fd/104	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/1543/attr/current
File opened for reading	/proc/self/fd/38	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/1804/smaps
File opened for reading	/proc/self/task/1672/stat
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/task/1790/stat
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/self/task/1744/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1804/statm

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open http://something
1⤵
PID:1537

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1538

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1539

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1545

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1544

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1548

/usr/bin/xprop
xprop -root
2⤵
PID:1547

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1550

/bin/uname
uname
2⤵
PID:1551

/bin/grep
grep -q "^file://"
2⤵
PID:1553

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1555

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/http
2⤵
PID:1559

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1560

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1561

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1563

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1562

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1565

/usr/bin/xprop
xprop -root
3⤵
PID:1564

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1567

/bin/uname
uname
3⤵
PID:1568

/usr/bin/which
which firefox
2⤵
PID:1614

/usr/bin/firefox
/usr/bin/firefox http://something
2⤵
PID:1626

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1627

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox http://something
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1626

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1631

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1541

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1558

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1571

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1576

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1575

/usr/bin/head
head -n 1
1⤵
PID:1574

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1573

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1581

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1580

/usr/bin/head
head -n 1
1⤵
PID:1579

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1578

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1586

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1585

/usr/bin/head
head -n 1
1⤵
PID:1584

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1583

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1591

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1590

/usr/bin/head
head -n 1
1⤵
PID:1589

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1588

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1596

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1595

/usr/bin/head
head -n 1
1⤵
PID:1594

/bin/grep
grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1593

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1599

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1602

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1605

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1613

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1617

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1620

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1625

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1642

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{852a1dec-8f1f-4228-91d1-94697457bca4}" 1626 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
PID:1663

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
PID:1684

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1689

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1693

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
PID:1704

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
- Reads runtime system information
PID:1708

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1713

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{cb6b9143-6f0e-433a-afd4-00cb6e143d35}" 1626 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1738

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{9ce60180-14ab-4073-b445-7c60f3cfd593}" 1626 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1760

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{d47c146f-eab0-4398-bd39-7d6b8076136f}" 1626 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1787

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{0bb3ae68-5d8c-4b8a-9390-904a0f2b4c7a}" 1626 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1804

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
cf595bf90db7193297195e48ba82104d

SHA1
c8d66731e39b0d3fb47ea2877a6ad8150ee145d7

SHA256
2ecd8a6b7d2845546659ad4cf443533cf921b19dc81fa83934e83821b4dfdcb7

SHA512
083c0151f931208dcb4b0134762c30d1858c6cafa40eaeb4113b69717dc286ac69a890b548b7dfb489cd3b2527903ac45236bb13af8d2c5f2f27807c6d62b6e7

Download Submit
/root/.cache/mozilla/firefox/uss0xg4o.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
518ab98c027e45d99203076e034b5f17

SHA1
d460be7d3c3b148b9d9823fd6b92b4a6e339243f

SHA256
e6f3e08b376cb91d7e90cdbbc5ebc51cc06998de95f9fbd0a12305d72c3a7c6e

SHA512
b301014f120010f16bd6e03362a76e6f7ac6ec7e3cb6d66f4c114ab41cced1d180651d2f490617f664b9630efc2d11ec95a32a0bd826def0659ce2af63fd9c06

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
12abea41c48f6e41a53b4c51a41654fa

SHA1
286876a6d4c34e1e50989a907e18129a8bc814f3

SHA256
73bcf5f6eae4003573231f5dd72e84293331df1b209b83f820b6ac164d74a496

SHA512
4316488683e7a6414f61fa25bd7f85442d262a52cd04ee1896653e32c0f865e0c4f332fd4675561edcbff784c5e665921e3b12467efb2f97f986bea6dc889507

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
e49ea8060a644fb6332b62ebe050647e

SHA1
ffc4a032d638ddc53992c19a8a1233872a345626

SHA256
e64fddddeb887521daa1e1e24fd9680252aae055b04c75a6bd55773bc58a5751

SHA512
15578dd6e44956a7329ec59bbfffa7e740dfd814fc84542016eb94be99a2e8c4a83d264a5713250baffa14c4d0fb75a2bcf2bc09801b1268e2c48514bcf532a0

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
ebf66fcda95e8649d964b69b16b32d1d

SHA1
51a8a1b9d44b8844481668e6d8624139d1893e21

SHA256
cc260b6aa8246192716b208928def02586683f4e9782aeccf8921e378333a1bd

SHA512
b857c5d931e4b7354405390a002a79758829eb3cffea70b104d26a28b48977bf408c9fe4f48dc29406663be102216a38828e0742e30750fe8e89b126ce02313f

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
93747f63b6f16b39ace94efeb36f1459

SHA1
5c00ef321443fd913099f9ff8cfcefaf57695b26

SHA256
e5d54dd4cde7557d7269bc650e31f94455e7db89274c65685c4d3b0cb0a25979

SHA512
5c0d23ac4447ce351241d95822972dcf60bdb27282b5c9354ae2c01ea3e20b48275d7839692ff8219d475ce9cae8d8f95fd8c552480db137dc11536f83ac0507

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db
Filesize
224KB

MD5
0068dcc97a37f4a16fc502f77d2a467b

SHA1
5f6a14d01729da8203b89f5c3abc6a1b3a2450ca

SHA256
ce33735a71af4bad3df1c46a077903f7fe87eeee25df80264af348fd1d070b03

SHA512
c1fe93e8e1e31c50c407d8a675f7dc9885921566adcd98d54867f2008bb5c4f0835d78a1dfc0abbfaff5262feedc60e398c1308143c9c5ee6bc8540ed2f503f4

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db
Filesize
224KB

MD5
4fa1a73d4c0eeffb7ed4d524c5eed94b

SHA1
48ce8325163ce0bbf06669fb4440b03d65c7b774

SHA256
b02717ef2afbd89526ba87a8fc244fc14594d449827a738c53797fd04483c51a

SHA512
c29e4c7eefea5b67e2e1151f50fa2d5d310d2bb33926dddff44e896b33e0652b871fdeced364f133a0e1b5637d5fe9b89dbd6c3eac40bb742e8db878734f47f1

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/cert9.db
Filesize
224KB

MD5
03657e0a97e163ba59fbd803a79cd4a1

SHA1
365700dad928ce5bbad5d0755b822c7e7f02ef8f

SHA256
9ee118a5c7722cd41d18146c404d1dc778390bf9544d9924b9d316b6a6511054

SHA512
553a05139a1fa5f090198e831de2602f06d87cf3e6bc5f4f93be7cc31b8f78dcd21155913060b420d9803fbc0a95581d7d59f2f074fbb7d9e5e7e58007d9e5cc

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/favicons.sqlite
Filesize
224KB

MD5
3c0a1ec298284608bfa51081ea539be3

SHA1
e51b58f6fe89d45fd8a1d935b51da172d5f6f32e

SHA256
34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2

SHA512
8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/key4.db
Filesize
288KB

MD5
580e56727ef35610d1ec0da2661c91ec

SHA1
e4353a7b0852ecf14b1817b4843f0afa52e5ce7b

SHA256
6972cbd8442309514659331813769e0dfdf80edbc2434a8e26ef5fc7bf0c5cb2

SHA512
079ec538cd7b534f48903fc852c6b8e1bebad4cac1f12edbca4211b49f99f02351570ac8ee99fbca73983281d8c266de4fff29342c9faa1e971859a85deb6120

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/permissions.sqlite
Filesize
96KB

MD5
232fbc22dd03a8ec41edde02bdbea61c

SHA1
6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6

SHA256
d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0

SHA512
055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/places.sqlite
Filesize
1.3MB

MD5
adeddce0845a5fa4acb081542f287f35

SHA1
ecfdc237331a941329ebfebbd85859d9ecf9e62b

SHA256
8c50022dc1524cc59d1a3685f512db8ecdb10f7c45a1c5ce5c1a821925c23e55

SHA512
b92e0f4afb1a517fafc081c1ede76a4b93806a7057075d4a5628941832e094b714e95f2c0e4ddd19b081c235cbe87bfebc3dc187fd720d988f5893695e0bdb73

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/prefs-1.js
Filesize
2KB

MD5
2acccbb4d1cd044a362f84ac68d373f5

SHA1
213e235eb8e429be290c73e57326bcb404dab7cf

SHA256
2665c0e59aebc2f97fc86f2d7a252c33bf20cee6a0bff4a8f95d56c8aaaa1e76

SHA512
a9fda4cf557605992fb6f1efa5c1f3df5fc61eb2792919b17ffbc8963e870a9f3c03983121e14a1704ad5b1c0a6c475bb3ce6e66b92a99f098f63190e7d3108f

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/prefs-1.js
Filesize
3KB

MD5
6f3b1da96f6c4435c04f3e1eb9e52e7d

SHA1
be82bac4c1aed5e5fd9b0402147e8ce9d520fa28

SHA256
6785a8c9626a154373118b055f2a8f92a5f16ffa5088eacae85b5e5525d29ead

SHA512
53da8b4ea9168cf515f7d2ccab4d1153f22acf5b5d9cb7e898525b61fb6a11666fbf83fd5e27284b361d23af4543595cfbede2fa57f02f195700e8ce6a6955f3

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/prefs-1.js
Filesize
4KB

MD5
e4ec31262bf0029254eeef783b490b1e

SHA1
2b916fa7c26a43dc3daf16fcfe40be3efbeed8cd

SHA256
76aed8cefab5950f1f4c96c980baa6711e37b19382737078f6ba45e28048452e

SHA512
3c47b32854369d1050498c6df34978771edd6f78e1452646f657121b764d0f844036baf4a4f5956040947151a0c556aed0a0172e9cbdd7bdc0efc9fe5915190b

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/prefs-1.js
Filesize
4KB

MD5
b1e85669b050736f7fff9819ed3cf31e

SHA1
abff804743e1a72c4991614cc6c3fcd6566d2105

SHA256
ad898e787a3c1df7538d1076bcf99768ed01feb1cd144d48840541d5139159c4

SHA512
bff0b47d1e55eb1e0727a0f0f344c1a0ee2871c259651071ae0617f19ad41e075407956dddb1e7be7ac57d73a55469b96de1a38d665273771029612ab97ed145

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/prefs.js
Filesize
1KB

MD5
7ef2dd2979064f8a1e8344383c914824

SHA1
4057270135a2943db653449cda8b6bf4a69cda6b

SHA256
da4e1f788c77c4b4f737fab8a247e6b74993b992c04a2664887c5755b43b04a1

SHA512
f5e7da76b6c2a392e6f087eaf93526ac9cd3058142b3f7455ffee9a13e6dd2e2fe65b1ee4b1c762686fc561b830773ca15166d8d183355a1c4711f10f8a3884a

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
d15b6c1cc376c4318552c5d688de04b3

SHA1
aa068a6d8789a1710b024e67903e9db3ca897aad

SHA256
bc857ce32270e8c90d9c93368ceed3d5c0ac04ab34839508640c1231ea32ab05

SHA512
8791f377e5f6098e175c1b97f5b3106c9a9d1a6c03ebeb88f79be82f22069643f01886a1327d46707e9e41af36ee8d4b5f934a4eb89bec1cb5239600a78a8a0c

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
a8dd7ebaad5528b23f82ccb1534cea18

SHA1
600daceacfb5cf9df0b66ba7dce4516b2ac4df70

SHA256
e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec

SHA512
67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
ec87b85227b5cf70fa63f18dfb25dac6

SHA1
eaa35aa2b369260bde94309cec99b2c9264409f3

SHA256
03bbc9d494f3346ec41ec1703cfe6017ff88c241122cba8400828f303e1b7331

SHA512
72accf8eea382584d9976e9c5942869555ea60d23ecbb80b49ffc891777f7fa7369caa7ec7a27d1a1235da5de7c8d1e1a5f64177964913ce98d289ae44caf948

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
7352c8848e88edc39b7fb5e663888187

SHA1
8c3dffe25cc56c7aec1b782292d6fceed81e6304

SHA256
7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a

SHA512
f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
12KB

MD5
2ee34b802d5edc1bfeb4559ac980d070

SHA1
a711f42e6b743726d46b287039d3507c4c1a0b96

SHA256
21187a947a1098dc53942ae8e5c3413f702759bdf3f9e1f58df2683cdef8e364

SHA512
dc8c0739099436ea0be1331bd5fd905862cc53ee7ba345524200a57c15c6b4031e2d7451ce89a46c7ed71908e8b19093775b59dcfb0eaf53c519aaeec6d4d89e

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
a088117a1d00d90de503c6ca4e441626

SHA1
830e3de155820ab14bd77cdd764e3f6da9c480d5

SHA256
69d4c6e784a337926bf4fa8cad78642bb9854d2e30d27ec700596fc9f6575531

SHA512
997e39e9be56834b190d3901fbef278e42de5d4d00ffe4b3cdbac5d1d051e54122d63a073955830f6b70a9f8ace8a433d63cdaac55c2d41860125d1c7470c865

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
55df90263ec1e7cd2ba1cb066bab66b0

SHA1
33e60d9912a9ed77f499baab7f0db3e1a0e45b33

SHA256
bbc7762f1b8815297680537b9035f8c724b6a5c0afbb8369de74c1147303b695

SHA512
c1f7da1de867ec27f5fefb53bd4689851653600898a8b78cd67efae73b02e61e58162c0ac80b8acf86cd48cd2b8a0fa7817550bed91cd1fa657473e7eea714f6

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
17d132a021b65a66866221ba67ac3567

SHA1
90435cd2be3bafd0453c5bff15cc8c1b386b151a

SHA256
d6a9ac270c460c7e9501e1ff6845988d31c921841e47a0cf9b92b3ef1dbfc172

SHA512
73d781a4008ab7ceff4e141ad79c3eb0f9b2b91e27ce26c2f665ce64d75b8c94336b6ae578a422c3a327469aea85f449652a5c7ae4e831ff890e7894ca5b8175

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
27f68a99277071be2a06e58cc9d3d858

SHA1
1f8a291c946d65b597410e30df0c1cea90d2820b

SHA256
93e32d65174b3cc15a2f47519f98c15f8516ffbbed92e03a9c1c16d2f0d1e254

SHA512
c8a46447a0d8e1faf312ace8277b273d07b9d7a3e38ce9447f1046e683ccd793625bae72f5a1bba9a46bc25ac68fc0e790dc04b71c570800549e2de90f1faff9

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/times.json
Filesize
50B

MD5
a53da6ad4faf45ad2309abf93e275221

SHA1
8043d7bd9d60f2f68ab09b0628b6749e6569413b

SHA256
3c04d472f225b7ab34764b05de02006c7104af02ea95c810cbab56dc94e28b96

SHA512
09beb8c8f714a2dfcede6d7079b00d0d6d02d78b91832e04b07b9e3345c78306f1a7bc4147458fbe9092e648ab150803fc8251d5eb0c9dcaa3260fd9d80cee37

Download Submit
/root/.mozilla/firefox/uss0xg4o.default-release/times.json
Filesize
47B

MD5
54a1534bec1a73b4e5c89aa38e846ba1

SHA1
5f4992fe09d7632818932f557f094ee7dd29767b

SHA256
d2f8177ed10d6693faa62ae1bf951e2de0e9f8077d14179973e67dedeb24aa31

SHA512
b350d6486227134acbdefcd563d8c070f81af05c5e3f32afb33c91be2a2954a4ae1ba4a8f52d7a17a604b0c4fb3e092d538662dd4facb35dc0a96e7ee7851837

Download Submit