hxxp://google[.]com

Resubmissions

28-03-2024 08:07

240328-j1b18sga6x 7

28-03-2024 08:07

240328-jz6t8adf74 1

28-03-2024 08:07

240328-jz1cfaga5y 7

28-03-2024 08:04

240328-jysk7sdf56 7

Analysis

max time kernel
83s
max time network
83s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
28-03-2024 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1558
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1558
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1558
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1557
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1563
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1563
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1562
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1562
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1561
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1561
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1564
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1564
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1560
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1560
Changes the process name, possibly in an attempt to hide itself	Timer	1559
Changes the process name, possibly in an attempt to hide itself	Timer	1559
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1566
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1566
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1568
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1568
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1569
Changes the process name, possibly in an attempt to hide itself	Cookie	1570
Changes the process name, possibly in an attempt to hide itself	Cookie	1570
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1571
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1571
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1573
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1572
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1574
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1574
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1575
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1575
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1576
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1576
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1579
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1579
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1578
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1578
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1577
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1580
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1581
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1581
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1582
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1587
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1587
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1586
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1586
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1585
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1585
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1584
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1584
Changes the process name, possibly in an attempt to hide itself	MainThread	1580	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1588
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1588
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1588
Changes the process name, possibly in an attempt to hide itself	FSBroker1580	1589
Changes the process name, possibly in an attempt to hide itself	FSBroker1580	1589
Changes the process name, possibly in an attempt to hide itself	Socket Process	1580	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1590
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1590
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1591
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1591
Changes the process name, possibly in an attempt to hide itself	Timer	1593
Changes the process name, possibly in an attempt to hide itself	Timer	1593
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1592

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/signedInUser.json
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/ExperimentStoreData.json
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/places.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/favicons.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/places.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/times.json
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/favicons.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/datareporting/glean/pending_pings
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/datareporting/glean/pending_pings/a74f7260-50bb-4815-9f1d-d3135fe56603
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/datareporting/glean/pending_pings/041e2d49-374d-4e74-b4f8-cf8d3313046b
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/thumbnails
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/bookmarkbackups
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/extension-settings.json
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/places.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/favicons.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/favicons.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/z39olcrf.default-release/key4.db-journal	firefox

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 14 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 63 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

dbus-daemonfirefoxfirefoxfirefoxfirefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefoxxdg-desktop-portalxdg-permission-storefirefoxxdg-document-portalfirefoxfirefoxdbus-daemon

description	ioc	process
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/task/1774/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/111	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1764/statm
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/1623/cmdline
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/1544/cmdline
File opened for reading	/proc/1761/statm
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1723/statm
File opened for reading	/proc/self/task/1765/stat
File opened for reading	/proc/1764/smaps
File opened for reading	/proc/1769/smaps
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/1599/cmdline
File opened for reading	/proc/1628/cmdline
File opened for reading	/proc/self/fd/105	firefox
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/1706/statm
File opened for reading	/proc/self/fd/120	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/task/1727/stat
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/task/1546/stat
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/task/1583/stat
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/1604/cmdline
File opened for reading	/proc/self/task/1684/stat
File opened for reading	/proc/self/stat
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/1556/attr/current
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1706/smaps
File opened for reading	/proc/self/task/1661/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1761/smaps
File opened for reading	/proc/1769/statm
File opened for reading	/proc/1556/status

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/firefox
firefox -new-tab http://google.com
1⤵
PID:1544

/usr/bin/which
which /usr/bin/firefox
2⤵
PID:1545

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -new-tab http://google.com
1⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1544

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
2⤵
PID:1552

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
2⤵
PID:1596

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
2⤵
PID:1596

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
2⤵
PID:1596

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
2⤵
PID:1596

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1554

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1567

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{0810c354-750c-4453-85ac-5d71dbb2e0f4}" 1544 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1580

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1599

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1604

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1608

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
PID:1619

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
PID:1623

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
PID:1628

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{c1679fb3-19b5-45df-a5a2-4cb16b9a1ef8}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1655

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{a10125f6-65f4-4662-a551-29b704bfc164}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1677

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21767 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{0dfc4f5a-1c5b-4df4-b4d5-64c8a63b24ae}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1706

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{19f4a4a8-c30f-4390-9e6a-c03cf10cf95c}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1723

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27066 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{6878e5ee-8922-4310-8da4-55af8669905c}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1761

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 27066 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{8004d9b7-2733-42b8-a724-6d2bac54b263}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1764

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 27066 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{f7ede457-8dff-415e-a55e-2df0e139c28a}" 1544 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1769

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
885bf69dc0168f3624435346d7bf4836

SHA1
167d40b282fa3ab3a759bebaa971561c07cf03f4

SHA256
319d204b93d0584bd3aa878e2e07d51b06fe3e1d4396fc3293e318677d335524

SHA512
a502afbcd9a91923f6803c8ec1e299d80789ff1afad9288bc47f3b599030c2f642409b6b7869e05057b7916e028594260b0e27afff88b39c7d3550038d6fbfda

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/039090029E64BC91E87E77199A6A6BE11FC39B6F
Filesize
142B

MD5
fe19aa95359e8e6033d677e82498eb90

SHA1
1b3e807ef21db4e753489e63bbf959e54f69f805

SHA256
20d93a20ca5d1314f322556c8d83988345f2c4b1becf83d0b12712f4ae1f3e89

SHA512
da52ee53bc79d8e4f0291640e872c024a26f6f8a0df19304d2f31abb112b08b4945e059a7322bed6c7392e28b69689d9c269f8081a48724ad78fa5b86757f4a8

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F
Filesize
102B

MD5
43df67c76befbc7595c346208eba2abe

SHA1
4a228c526ad5d849801b0f3fbb924adf54663a44

SHA256
3450e2f4be809df829003c1a31ef3f66bdb7395f25a002b6c5f11abcd86c140c

SHA512
c77bd08c4e2fb4a6059ca33cebf16d0a8d720c7caf458843952a2b4ab8eff487d176bd5756818afe364a7d1f0244a14be4fec5af92d30dd05d8da0ab552d65e8

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
193B

MD5
2e3f7f7c18b6891c79f25eafb7bd264e

SHA1
a3e657bf3ce9803f388fff3f82af4be2a99e092f

SHA256
b565a563820b4c20ebad6c2d46e14eec3550aabe9bab7ffcbcb84880a578b396

SHA512
4d14cc6100018711542a93feffcfe4c7209aceb27f1b86752deeb0962a2be2ba14718298d7fcb4dc841151a22bd3bb3142ef3feb4f80b395eedb9efb23673841

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/6D89348819C8881868053197CA0754F36784BF5F
Filesize
89B

MD5
b2ecf725ae2f6eb0f9e83b0fc73e5b32

SHA1
2626defb23c59364fcd68364fcd0a670acd0f1ac

SHA256
defca3b862f99900e96a43f9e2cdf8ffa335225696df55c6ee2ac4acceb9b3ca

SHA512
591e942f6e444659bb3da4f8e37df116575d6447e98b16851276a37fabd73bb8b502da4631fbfa336760d8516cff7c6b6c75e06f36d36c65e28bea8c393f99e9

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/943D6C012DD6BDEEB462F1BD8B884949C63E3DE4
Filesize
165B

MD5
227569da0bd4c7291897a129c3cb656d

SHA1
1e885edb89395f9362cddd634df4ab64d8138286

SHA256
cf408e340296f8e8574aed9f043a80b3366ccb08a06fddeeba29a9516b63cc0b

SHA512
b1b4faf9c33c7c15febc45baa80d3dbfbd96b573298f2930cf35afdad6d6add555c394ddd4443fd495ab3fc4fd48aeed30e227d3d9265a4d36864dce34f1d866

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/A59CD5522356C9141BA2A8B4056E63097ED8529A
Filesize
118B

MD5
15ff378c61330402a748de68b1afe2dd

SHA1
17022a1f26ac7e06b0c26441293ee8ce931860a8

SHA256
c4dae86b52a2bf01d777b89b2121d4546201ec9a805236a2490eb089657f6929

SHA512
eef31161ba42cd2a46d6ab02f80874f921b53f921b79f119ea1d85555ccb390f21efb234977707265fe9c4996276b8d45126069a90ef90decd7aa942447619be

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/B41C7329F660E92624C61816BED9D62A49D8FB2B
Filesize
96B

MD5
aa9053c4b472292d50fb2ea416a7dc6d

SHA1
40716c06105332796bc7c98b4db4d1003bf0d5ce

SHA256
954bd248fb4076aa6c410ab28a6035f460295f5bfbe790d72ab7ac93e9c03f71

SHA512
f7461f303a282d3976e0614f60937097c46a331da827e9ed23394507120dff03fd2fde1b5b9b57859c18c5936db8e5be975d2e78b44d2cadd0d3cea1ab3b5df9

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/D23F7952044A1A6016B80DED46FC563716A295DF
Filesize
198B

MD5
e71549b02c24d214bb0e8e84d189d520

SHA1
3740a2c03c1b5c4fc1912925ccc43941b9beeec2

SHA256
698ca9ba0bef379afe3a574f4c933827779e109bf1a26afd0178d30a6ebe72c3

SHA512
fc9ecde1473ce0c33a2072f7af0018fb4ca1924460028a8447dc0bd5513c8cd7797438d8588b42266120376d9ac1193c83bc8a948ac9ae884e6157ba5bd47a92

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/D6B0ADD0DAEA00708CBB4290B85CCA0E0FA79061
Filesize
186B

MD5
1651488aa633f35dbc55fbeb60645831

SHA1
fce7c614ce9f0d69229ad5dc09c7356fa79f6d1f

SHA256
b4db50088ec672a18249536e0710147971b27afe4953116ad3df405d4281719f

SHA512
6a3710a4278ccba741c6dfd959be1c9c02ad87142ba6b8f980681bc7dee228e6b676aaa6e07b006efcf7afb0d7aa3f2aaa4d727dd9cdaaaf168fb628c21744a8

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/EE1AAB872F378C4FA66FBCD193AF217BF20A4E27
Filesize
115B

MD5
a8253f826980991c06a3d1d6af0aef81

SHA1
3c626301b8ef44945b19a3f65ddc53fbaf87204a

SHA256
8bf7121172cfe21ba53443ae5c85a50a4a63b46891575537a1370e10516a38d3

SHA512
da28b8095735dd623803441f7a039e36b1973ac36de58478c4ab281102a790ecbdf046269056302628ba1c63f8875dd4e475e5751a4aa0162fa326ae3836490f

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/cache2/entries/F6BA3C524FA30685F041AC5A4342422A8EAD97BF
Filesize
163B

MD5
4ad424a3ed485806d424bb63226aabe0

SHA1
82dca8d4efa5a96c85d9f8a6749212e5e53c05fe

SHA256
b483346a4db604a976c541303b950ff95f1edd4c3ce01ae5fbf14a5f92febff4

SHA512
dff030e2168c1a66aec07fe70425439c4449c2b5cf4508dbdd9f837c4ce3bce4382dd9db75a5d768b214f631995b47d9ec76a27c59b945315a569efd3d0f164f

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/startupCache/scriptCache-child-new.bin
Filesize
1.9MB

MD5
9202c94af1fd59e4b43efea3e8160f3f

SHA1
6dae4b85d53f9a0a3ad7a3cc36379ef78a20a219

SHA256
3b4c72418b16358712bf34983a4cc7b7560f2716b419e94cacc746294812ef6b

SHA512
8a293628a9e83a183554f779a2c38d7c1a5a1bc6887df35f89cf10d4d3581ed94f4c13b3104c481fbd839d30719265a45de5282d6f046c7f13ef684fa62b020c

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/startupCache/scriptCache-new.bin
Filesize
8.1MB

MD5
6649c9a33bca79c14ef933e5db2ff8f2

SHA1
a5f90a83e7c4696b8d6949475912b03e706c808b

SHA256
573f778807621550c592ee9a99409775d38e4787e0716e56602d450863cf08bb

SHA512
b0e2f1ea3b405a6cb25ffe66afdbf66180b2f5024bb4b4a66020ac4918d2d179fd61db5d6dbc35cf9f854c31ea9b6510eff28b1222addc48b43da723ea578550

Download Submit
/root/.cache/mozilla/firefox/z39olcrf.default-release/startupCache/urlCache-new.bin
Filesize
3KB

MD5
11a291f49adc36ee5b6f01baf07d32d3

SHA1
a3ebfc9b4728c7a024f18854a6c22f9623c6d863

SHA256
c20a6f9352d1c7fb5801570f936d1d6bac7abf490c24df5c01c874413c70354e

SHA512
a111e6aea6291cd82eef97ee86fe5c7698ff466fff1221eb17a73a57db5861c09a47f58fa447df1b5072341fe68a5c57ee0957c70c80bbfe4b2a14bc4ee516db

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
01e2dd71ad6466de3b44e890dfd7a43b

SHA1
b3d8de32d4f4e22fc015882f2210e4544e5a6609

SHA256
8f19a68ae1918ae77d2df211aee05653c504df266ae4054b424157ab35f6686b

SHA512
128e3e528b59444fcd8c62b0d572bf60ab4f577ec1be73336d190d4d6f5bc7cf9c5a3dc2cccfc00d3fe327b830883dc221f789b8ae8acf1e28d436b090070d3d

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
ef6c94ea5ebf411735d1a350918eb604

SHA1
ac5a5b1c1e0846e7512dd4cfca8f1dc07e8237a3

SHA256
73cc682e39b169de5bf06cd50bdfd42b5cc8cf7d83eb2c20f68212447496fd69

SHA512
acf9505c87c680e9f8c8afee6066c83ef42339348b55ed6fe0c7cae93fbdd6acd1070a78bb17b32499d808979a8ed522c44ccfba43b1587cbcd82c018965b23e

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
f7bdd4ce8e15462c4fd1e471a47d4683

SHA1
7247f1517591a7f763b931d4c14eab611b3380c7

SHA256
1949cf1097cad0147b95bea988c4db2ca0db47257ba889958eaf710a5be4d185

SHA512
fd470cdab7cbf19349c87b6194501d8b6e15725ed4b1749a7e9e67ea5be0477c995857a58185571dc2d9b91fc054a1d72e85f20c49db15f127a17012af857108

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
35bcf63536466516c857fe5fcbff4b20

SHA1
039cce23fadbbebf358c8af3f8b5ac5cca14ac38

SHA256
9eac1b579c93569933068b00b70af2d313bb412145db9feff5d6b2bf0ad660e5

SHA512
e0771bf470a8876e5aeda913459e1f15195bf5b5f1d23a686f49dcab462bf7fd4c8026b1281383a78fc0314344810fc0858a44593a29831c7b75c08f65cba95a

Download Submit
/root/.mozilla/firefox/yj46cmqh.default/times.json
Filesize
47B

MD5
9d6862703d38a572e271d6ea291967e6

SHA1
4e0ce6193a49a87c2283649fc0f4a1e6eeae6ba8

SHA256
11a2ef5e2664ef61bbd386e8b5b0b36a4e155f790c8f1222b8b7d0400453be94

SHA512
1dd2f81d6dc1797ff6df091c10907e14689d858220e4e70d4d49ddb222847379a91f9e26a97323218520cc8bfdafab934323ef2535187d72099a270e4b9abfa6

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/cert9.db
Filesize
224KB

MD5
3cb9773be6d81859a41fdcb18f628d99

SHA1
76a986c20052b6a9bb8ca49380aa2315192efd95

SHA256
09dc5906db9aa2245db97925bd4f645301523f311b7366fcfd3386bb15bc4507

SHA512
5d9b104300d55638eb4dbee85768cc7aef442ceec3b833caf23bdbbb5738837c9151f54bbbffca2c24df750ded6bd62a7b05c63e6adc05bcf9e0472d6e473d07

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/content-prefs.sqlite
Filesize
224KB

MD5
1fc2e7b7fe2c5be305dfa9a2bbb60771

SHA1
4967389dea050001cb1af3ec799edb7805c3abb8

SHA256
1953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a

SHA512
fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/favicons.sqlite
Filesize
224KB

MD5
3c0a1ec298284608bfa51081ea539be3

SHA1
e51b58f6fe89d45fd8a1d935b51da172d5f6f32e

SHA256
34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2

SHA512
8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/key4.db
Filesize
288KB

MD5
7428308ff2ee58ab98b85f07d6530c7e

SHA1
4ac20ae2fd609f943a3591ccbf8c798ade003b13

SHA256
345b4879bcac6453fee643785262264113e1be1d802053767340f21f9daba4b3

SHA512
01988b4c357d11e351c177bf9d8b67c0d83e544f9a55fd81cd10462628c1208926df7c9516a00bb034c891ada839e28c972e9a1bb2a548f053b8289de753896e

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/permissions.sqlite
Filesize
96KB

MD5
232fbc22dd03a8ec41edde02bdbea61c

SHA1
6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6

SHA256
d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0

SHA512
055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/places.sqlite
Filesize
1.3MB

MD5
efc6aa6ad8fe1b773464a2f9167a9760

SHA1
104b262c5f1bd1cbac241fa6cc7c195c94b407ee

SHA256
8a27287e6a009ae2c0ddc890edaa7d30a27c437b4c05df7186dee207a7d227f4

SHA512
a12b799989f565a309531f0610a1ed5e8c27cc1c97b426957e51068a1820cc8c0af9e24c8c08efe33f010d23153fc2800900dd33f545802551e3e9401a7f6f0b

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs-1.js
Filesize
2KB

MD5
6c9aee1bb6a8caf23faff2e976f47abd

SHA1
32aa72be3db0afe981b1bad0598115b02b4f78ec

SHA256
15301faf26bfb86347e4dcba8e03f51d68bed0e14335574c822b81c7e0a8c7e1

SHA512
749acd7e7605f9b1067797e5d6a4de91fe51d50746648149861184da09cde2fa7f1ca901b1d35af469f37d67648b183f7eada66f184405a2975ce7fecf09f3db

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs-1.js
Filesize
2KB

MD5
449f422a456d49de2fcdbd8086a6fc59

SHA1
e5cbe1d0477b64103fb856adbbef0c479c86d965

SHA256
44b4b79b353f5aef25e69a9ace82e80c767330909443a7bb107c6a18d1853789

SHA512
5e0dac0b6245c23d11cfbdf104ee0858b90975f9df58dcb15fcccf817b897a4d049d5b26a1552ae02f2c16d9a055f5758cff02610c48f5fdd23019900b7b59a8

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs-1.js
Filesize
4KB

MD5
d8cc75cbeaaeac44c36fc64bf1562fa8

SHA1
dc915ea53411483c35d7f90c213f982d8de7d532

SHA256
f85c6dc9f78656289614ff171190805a878b53d54743e79d726f0aa2f1578c64

SHA512
21b245f8f35a3f5f6e5b4aca030f65ab7e76b4a9be80e3c370f11c40181ad83cfe791298423fd8a3fbafba264a33a9c733e582d8847efd3f5b1a1e7cfa8f10e3

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs-1.js
Filesize
4KB

MD5
c17162b0bbac1e23597b1d0d34cd6f1d

SHA1
47e46fdd07f5882e6aa7ecd1c7c8e54a03a8b9bb

SHA256
0e6feb1cfe9b394880a6122dec04cfd0c2215684a4e4201652705888853aba72

SHA512
b9969c4d5614ccf0a3d64910c9fb42478af87205dee84bbca20565336470a9a14c22f9a871703cc46d174d2b72486122eaa293efa0e3d7c690fb677851b9133f

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs-1.js
Filesize
5KB

MD5
2dda7f79b7f07032a203e2c62bb5ccd0

SHA1
2199e95887b53bf086ca2d1eb84bfbb711d3a51f

SHA256
83f7b1ea2eeb623b4ff5ac44b1e97f74403b60768779e7893f764d4ae50e0e42

SHA512
0e3ebadd45c3daafe55254378dd0ce4637053176c80e3359b4cca7caa96826d389708ce0a511129725edca959361ff9f49581165fffec0a4e96fd9cb21b06ef9

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs-1.js
Filesize
5KB

MD5
92d83a02396592e1b944f24f74107081

SHA1
c6258c99a220c9f687cdc6c6a0a3d817a12ea360

SHA256
00068d6774bafb83aa853ca1d437efb2dbba16b40b90d903143ee4ae98d7fee1

SHA512
a991a6700c57cbae8da0a4233931aca3d75bb8bed850d33946abebbf504182e0574bca7822b532c7a869f1d0295a6612690e7f94acb1198192bd1e65636d26a1

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/prefs.js
Filesize
1KB

MD5
46be59ec0a2fb68aadd7b3a75276a9d7

SHA1
d82c2bb22634728da7f61b8c4316a518295b78c6

SHA256
0d0cb7d14a1085d851d6f6df428f6955eb14438deecdaae258e9af3cb3096d1b

SHA512
0e5920353bc578aaf0f9ea6f42e75a12193ee7a356051c2ef22d12abd56b72cd296842564948a16f417d9aa442167d3386fe28fc563d2b5cfc07a3d398302cb1

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
ec37a40128e0cb0393b4e44b1ec793b6

SHA1
f77cbe4a7b14a3a0471a8950eb0064b9f48485e6

SHA256
6235ee4920a57244bafb09887adc2bd3d653d6298e673129cf07b1bc5c1b2d76

SHA512
748919583d0886ed85d5cd264e31eb410086a0f9d9b7a557591afc51cb436d2f968c92754eca5128d31f69401f7e42e7ada5dab812850d4e9ca94954b695ecb4

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
a8dd7ebaad5528b23f82ccb1534cea18

SHA1
600daceacfb5cf9df0b66ba7dce4516b2ac4df70

SHA256
e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec

SHA512
67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
195b7a0bb025c246f4f119b5b959c7d8

SHA1
705f09b0a25c9bcc1e046af428de4583d73e2d48

SHA256
5ea62b716e258188335ee4afbc31327c7beaf0df28fb8a3a57d700713c055a5a

SHA512
b721d5313a8e9cdf7cec22dbe50d2685ac7204c070929c1c93ce3697629bb69bee6ddd7b0b2716c7a2901449290903ba27a6a5ac75c668e14d5eeebe38240b23

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
16KB

MD5
84cf27c4d43a04b916ddf13ab799c905

SHA1
5eebe46b91fa3100a73c0fbb127b52f708b042b5

SHA256
9692c07b944f5f653eb512b7b8f74cb991ab80a9ab51580881eabc4c00032506

SHA512
6efb471f50b2d429f8742eb429d12e2022aede9b1d3f34105e45bd7137f9f6f96ea9b6fbed780cecbd74252a809289bd86204216f180bd8d3d680c47cd82a07c

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
7352c8848e88edc39b7fb5e663888187

SHA1
8c3dffe25cc56c7aec1b782292d6fceed81e6304

SHA256
7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a

SHA512
f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
12KB

MD5
dc24a4f4d16f0c849c3f324d22edc35c

SHA1
5f4d79b027b623b66e2b3ab44dc2dbcb22e55599

SHA256
9a9ef58346c750df3f6f7b92cc059b93d3347e9fa37856936532281084aee892

SHA512
eacbe70bddcecb847ff81de163cdc05ec4b61ccfd69a5c287ec84dee25fdd2e2683ea79d3013c7671dbfe824d434e0b30ca3567fe195d9e31abb2f67e6d2a1f3

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
16KB

MD5
8c471ae0313e1ec5717fac3d13fb3f38

SHA1
6e03c75d10d34a04e8cde219ceb92a2d45602f39

SHA256
128f3597843b3ac4bbce232b9dd335ad50d88002e688eac0c7c1ba0a182092e3

SHA512
eb71bb2fef4f080cf36969b868e777f4d92e267ac73dab0df010f715b248a2bf34a5bc9a997243d584aea8da9be93731526cdaf71f375c661d61d97eb44c047a

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/2918063365piupsah.sqlite
Filesize
20KB

MD5
d82e173bb5a2d53e156b0d1603d64dd3

SHA1
cb995d908a5e382a2b767f1f502e5cf289da3a46

SHA256
cb206f6fd346679d1f386927f58a0e24f8f258c5b70eaf0470b01c235bc4cdeb

SHA512
ec0bf7f4e0217418d65f0f5b0111c3b94d3f0c0b60a62fb25337d53d3ff96f8767634b53a916137e5d60f243a9fd0545a92aba466aec5028d9809c6570bbb07e

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
c0f7f839b884fb4bd5f818023f9b5aad

SHA1
e608df32fd5cc01745d2e302c115ce3be8cdf54e

SHA256
a76a61d89b9ce0ceb5876d8543f88bd0a7f236b7c1238647a37a527a18c41ffc

SHA512
ad804be24f293baa7ee5044960885b886e9edda7a77d1c6f92c515c06535164e41a84e2078140ad8b8f1795ae3ef6b3bc4c9b26b017aa09a000418618d3ba544

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
8701b5ec459dd83d57318c86826f135a

SHA1
5c583c4261165186811ceea9a8e8006e74f96cca

SHA256
97ad9d5ffb908a60519bcaaa47bee43a155a8dd3e4102baca61adf8bb4882f5a

SHA512
745db6026ea1a19154ff094c3b09b64672fb4c7f29df46ca72dbfdbbf08207d6fd7e317b30390a057e3d692a8e56751c3c7968689dd8715e74bc61af05e68c46

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
c91a9d9183b095f595ea7d4c4474b906

SHA1
a598a1e719de1ff957dd4c5d0bf63630f3ae527f

SHA256
0060715b6e05784e186e30ebbe1380cf611802173fe1ae91a25001412e9e2415

SHA512
7a994c788f79517292f02f62d67fd0502b70dd786ed7dda0d8b5c2753d37746743721c48d73e13f405303df0902206487df763c2ba5f4e821677e532ce297b37

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
7708ea2a72f38f4ebae218c9345305af

SHA1
7ec5467576e62915a874938a9b7eef29a716d43c

SHA256
0f992dc0182c33d9660d6040ace135999d32b09b1e9c842039b80c1ccda47fe7

SHA512
f0e8e7b1508ef9d9830d842d5f1698667822137ec2de878b814592f6ef59269b7952492639740e99a09bb525432d76ab7603d07af37efcaa84e29d0abde1ca35

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
168KB

MD5
e87498f20e6ffb24c100b389c9186fd6

SHA1
919ac3ffd22845e2ed3bf53ff974ab495d0a7c73

SHA256
98fb2b81377690e84819f72cb58f02505856485830b2bb98c5f1e3b4804013d0

SHA512
706619b456d5beba0308ca27ff3e011c844aea05ad99ae3a572748c8dbb20e9992be624609ca1cb56ff82f29181c9b1e95b9ce7032601db4c24d2e13e5d454e7

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
248KB

MD5
c966f43cae42ec8d4344eb4630a887a9

SHA1
912dd5cccf8054393dec1285ca70ea07d358788e

SHA256
5829d4bc45f5204c879e1110017000c591a8b838f6478b411246cc98a48e5129

SHA512
da1ea2df960cb9ae17ba902529665240b6db25d02120ffe32608040edaf818afc1d2d92834c8a6f3b5af6bb96b6880f9b0f3e3416e200fcdbb4c0b556215ef88

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
316KB

MD5
c3312474e7dc3827d9668d677ee7da56

SHA1
b3af75bb947a0bb468960591b986a652342ec72d

SHA256
74eb5892b247c892bbf897dcf9b4a9253099dfc7f91c46df8e84b4ae5711b281

SHA512
df0622f34366a7ca15341d55a868570f441b99a1b779b0341c360eca14c437c338fca96811fda803a74bd444d05a6257aa5fbf5e96b7517176216577d0163cb4

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
256KB

MD5
cbd646d770b0fb0b23c49e19561918a2

SHA1
8a7de4b860b0fd6a566f1774127861ba940ffc60

SHA256
cd6fba40ff9a4d8cadf608693862bf9a72c2b3d78255308d05a503ab3c8f36c6

SHA512
176b0f8efef295d5ae6203ff7286fe88b922b6b03e705d2d53c734b4bba61ef586fb69560e8fdf574f05d85990d45d8e2e2b2515785400b0194c52344a2e9f07

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/times.json
Filesize
50B

MD5
5bdce3d598e9f397e5ea08650f590ca8

SHA1
171757cbc2dc88c1954cf32083a7d9f502a827fd

SHA256
66cbece29841cb1a53ebfc2758cab75fc08539fc821fc77d1e5790eef8938b27

SHA512
4e769c8836eb6d3dac4607f37f264459f9e8aa050115c86f8e6d0373ad2eb3bed0f0ba07e6bf001ccdc88e661c1ca487f8f96facfde09cea098765c6e1287a7f

Download Submit
/root/.mozilla/firefox/z39olcrf.default-release/times.json
Filesize
47B

MD5
d873a1f96705815ccbb6b64bc2d1e20e

SHA1
e1e1bea59059a965bb5a2ee291de9052ec001dfe

SHA256
402d1f0b4397e2823f9215a7093396190e2aa1c0dc33cc04434f911421a6163e

SHA512
1c94e1aad2898725323de3ec389ee8430b43e80f10ff5724c194a0c44171faecee6fc3bcd245c116b2f78d21931e4a5a7fe9e776184e43fca86727e8a2599e8f

Download Submit