hxxps://github[.]com/pankoza2-pl/malwaredatabase-old

Analysis

max time kernel
6s
max time network
10s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
28-03-2024 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1692
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1692
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1692
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1691
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1705
Changes the process name, possibly in an attempt to hide itself	Timer	1703
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1707
Changes the process name, possibly in an attempt to hide itself	Timer	1703
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1705
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1707
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1706
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1706
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1704
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1704
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1708
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1708
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1710
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1710
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1712
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1712
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1713
Changes the process name, possibly in an attempt to hide itself	Cookie	1714
Changes the process name, possibly in an attempt to hide itself	Cookie	1714
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1715
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1715
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1717
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1716
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1718
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1718
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1719
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1719
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1720
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1720
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1723
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1723
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1722
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1722
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1721
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1724
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1725
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1725
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1726
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1731
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1731
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1730
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1730
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1729
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1729
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1728
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1728
Changes the process name, possibly in an attempt to hide itself	MainThread	1724	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1732
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1732
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1732
Changes the process name, possibly in an attempt to hide itself	FSBroker1724	1733
Changes the process name, possibly in an attempt to hide itself	FSBroker1724	1733
Changes the process name, possibly in an attempt to hide itself	Socket Process	1724	firefox
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1735
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1734
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1735
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1734
Changes the process name, possibly in an attempt to hide itself	Timer	1737
Changes the process name, possibly in an attempt to hide itself	Timer	1737
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1736

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/places.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/content-prefs.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/times.json
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/bzcmx3bh.default-release/sessionstore-backups/recovery.js

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

dbus-daemonfirefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/devices/system/cpu	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

xdg-permission-storefirefoxfirefoxdbus-daemonsedsedsedfirefoxgvfsdgvfsd-fusefirefoxfirefoxsedfirefoxxdg-desktop-portalxdg-document-portal

description	ioc	process
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/self/fd/76	firefox
File opened for reading	/proc/self/task/1829/stat
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/1875/statm
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/1822/statm
File opened for reading	/proc/1875/smaps
File opened for reading	/proc/1852/statm
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/task/1855/stat
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/task/1727/stat
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/self/fd/29	firefox
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/1748/cmdline
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/1852/smaps
File opened for reading	/proc/self/task/1680/stat
File opened for reading	/proc/self/stat
File opened for reading	/proc/1772/cmdline
File opened for reading	/proc/1800/statm
File opened for reading	/proc/1800/smaps
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1596/status
File opened for reading	/proc/1763/cmdline
File opened for reading	/proc/self/fd/74	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/task/1806/stat
File opened for reading	/proc/self/fd/92	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1678/cmdline
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/1767/cmdline
File opened for reading	/proc/self/fd/73	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/task/1879/stat
File opened for reading	/proc/1743/cmdline
File opened for reading	/proc/self/maps	firefox

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open https://github.com/pankoza2-pl/malwaredatabase-old
1⤵
PID:1590

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1591

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1592

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1598

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1597

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1600

/usr/bin/xprop
xprop -root
2⤵
PID:1599

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1602

/bin/uname
uname
2⤵
PID:1603

/bin/grep
grep -q "^file://"
2⤵
PID:1605

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1607

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/https
2⤵
PID:1611

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1612

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1613

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1615

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1614

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1617

/usr/bin/xprop
xprop -root
3⤵
PID:1616

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1619

/bin/uname
uname
3⤵
PID:1620

/usr/bin/which
which firefox
2⤵
PID:1663

/usr/bin/firefox
/usr/bin/firefox https://github.com/pankoza2-pl/malwaredatabase-old
2⤵
PID:1678

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1679

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox https://github.com/pankoza2-pl/malwaredatabase-old
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1678

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1690

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1740

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1740

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1740

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1740

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1594

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1610

/bin/sed
sed "s/:/ /g"
1⤵
PID:1623

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1628

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1627

/usr/bin/head
head -n 1
1⤵
PID:1626

/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1625

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1633

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1632

/usr/bin/head
head -n 1
1⤵
PID:1631

/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1630

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1638

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1637

/usr/bin/head
head -n 1
1⤵
PID:1636

/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1635

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1643

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1642

/usr/bin/head
head -n 1
1⤵
PID:1641

/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1640

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1648

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1647

/usr/bin/head
head -n 1
1⤵
PID:1646

/bin/grep
grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1645

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1651

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1654

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1657

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1662

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1666

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1669

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1674

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1711

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{4ea7a2d4-7509-4e15-a5b9-db20d4d88d4c}" 1678 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1724

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1743

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1748

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1752

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
PID:1763

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
- Reads runtime system information
PID:1767

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1772

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{4e7e96ed-b70b-450a-9f59-f11438c3d188}" 1678 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1800

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{85be471b-4f33-42c4-a93d-b0fd172d14fb}" 1678 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1822

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{62448bfe-31db-4951-a27e-0c30ee510376}" 1678 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1852

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{0f46a86e-2347-4403-9c32-757f8bf0aeb1}" 1678 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1875

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
441077cc9e57554dd476bdfb8b8b8102

SHA1
3f29546453678b855931c174a97d6c0894b8f546

SHA256
b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2

SHA512
80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8

Download Submit
/root/.cache/mozilla/firefox/bzcmx3bh.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
85187fdcb84a961ce8c84c224341c11f

SHA1
48b162975c4c07d24566be1bc4dd50a5f9462f2e

SHA256
91c05a3dbe2e244c2dfb5edca02b5830b3be4bc8a4c7192b8cbda635af87500b

SHA512
e4a5dd396ae4b401cd0dbe80fcc4bba99ca4159a9ccc40f8400f082fd171e751b438fd44302c97955c0d423076b2acb3a6190ce6a1ba7d3b2a89d9691a47c961

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
7fe8d5976e57f0afaae2f7c82297ccd3

SHA1
92a8ff9499ba7122250ff2d9186aed7b8230ece5

SHA256
6a0238d2c5a97eaf83a6473e817fd9aee6ccc351b92cb93d0219f54918c96ab8

SHA512
54d6898feb45ec9150dfbf682a0cfd01695225fecf62fa23d741796eab7a023479b50205fdd57874df2f4ca81b567c94d15288ade247240d84770f9ca0824a59

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
e177272745797b0bbc1b4702aaafa594

SHA1
628ec2bde48567d8e3863f20858ac281ff981321

SHA256
987cbb20a79ef7412a8aa5c0fd628b0163ba89d0ed7b57777238a9c84b7b7ec2

SHA512
dbdf85f3e669817169d5169d5262092a6ab5fe4daadb10e2341b0eb50f00f10cbd65c1735d55076a2a6956b032e811b6ec38936af27f09f9a05cfc508483b248

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db
Filesize
224KB

MD5
41439eb79b17ce22a658463c77c00760

SHA1
f7f9dfe2e40d19c02374cc863eabe97153ae2a42

SHA256
3a45bb08fb578be69cd61bd243fa105c212289818311db42d7c5d25bf1fa9ee4

SHA512
8e72c1ae921508c353dd24be55dd0bf71dbc6d704066d5a2b282ad1c41eaefc3f81100d2383b52e5f630f6b33b26ce6eed1ccbf1b1185a7628414787e391d63f

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db
Filesize
224KB

MD5
fceff20679f443d52cfaa1320dc8479f

SHA1
d013f609394d46622e456b11bcdbac13a3f23054

SHA256
c26ddeb3b45d61c02729d0abd4757870a9f8503927c7b734aac22d9ea74556c7

SHA512
0487d81ba9907e0f5d86c33f9ce47e5c89c2e220b152667de64e7f0b642c064e825e98b3d0b0c31616604498458109627b7df4bc44cbfbb13686be8d44ad61ff

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/cert9.db
Filesize
224KB

MD5
c2518bdc661f462107581092e4f6a081

SHA1
c7639e73326da21016d15c7f6a2d296d3ea611dd

SHA256
0d1b98f17ba8b9c16e8bbfae8077af3058698866ef633e1cb1351ac8a23a7e9c

SHA512
eca16415f48c0f2a5bae02f05a05101feb47017a514773ed57382c821a92f1d9dcf9841be6399bbd67613669a401d16acfae5760d3fffab8b2912fdc00e20a01

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/key4.db
Filesize
288KB

MD5
f16add85d3b67e4b3827a7b0d4b3b036

SHA1
4d4bc18d3a4d6f44f0d3699f6b271c38648ddf8c

SHA256
d5d2b252a087b9ce123d7ca25f36ec9489b5624ecc7d3f734541759ccdca88bf

SHA512
91be560c73a2751ce460695d193bbd6e893378396a22c2cb2bdd79a2fff157ef36d0d9e1e6c36d9aef2ae28d338d1a84466cd4fe2d7aa04f70fcc300c467378e

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/permissions.sqlite
Filesize
96KB

MD5
232fbc22dd03a8ec41edde02bdbea61c

SHA1
6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6

SHA256
d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0

SHA512
055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/prefs-1.js
Filesize
1KB

MD5
fda6376546908e7269a7ce0effad88af

SHA1
5713ecf050deddaf617e722b70f367efac7fd3fc

SHA256
3abed894a85bed2d2d4fd7d732891a5e49c9c630592125ab5fa199b57a834cce

SHA512
10de8557f0e78ec37669629ee1207b2fa60d5e1ce95a8da2e4c839eb99579f8e0fd6c7558c88a7d36a45c0782509fbe715a5d4843c39818ed9d3e3b1d84c7fcb

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/prefs-1.js
Filesize
2KB

MD5
04de2e43bf1b0de8e25c121659140e95

SHA1
12acd526ef59015f8a4bb48f3ece58aa3c18bec3

SHA256
8977a2a24af953c72bceece5ac5135448f1dc008f97794d76bcaba6a18855afb

SHA512
545dac0d4589ac7f85f465100e627adbaddf38b34e0c5a553f557ad3c8f3646de955bd5b13c1286706d666ddc5f9621553580e06d7171cdae712d7c6a9699d9c

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/prefs-1.js
Filesize
2KB

MD5
4a7c8464bea3b1bd6e5200dee36cbbe4

SHA1
c5bb27d8b1d34ed48cb690e07ea183c3a35e8904

SHA256
9e9c23542b02dd5307f0617e42808dd2d672385a43fbe3dd84ff04064de5e443

SHA512
bf783e6e3a24c526d4565f21abf4a8636a99d782f1b4887f86ca3334e45db29cb33aac9e8767a46a6cd859cab6ed4e093985abc7f467bed6927f9c17f65b1742

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/prefs-1.js
Filesize
3KB

MD5
c65e9711424bd602cd22669a0d1732da

SHA1
0ec613ac688cf4719dbd02238c14f59b719d8be5

SHA256
975cb3a017c7a474fd7fc47516865623265ac369432580365578556dc898b6d1

SHA512
68c1b2f7d70f32d0717faa412ce7b840ac2b870800306d5a47dfd68abd9e244bff889d4a415c0c14a5a7180cd3527a7322d5ce2374606331cc92f4acb956c633

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/prefs-1.js
Filesize
4KB

MD5
b9170bb328c020c3a308c815519384e2

SHA1
19efd1845fe17a42eb128d790b2797a736a06221

SHA256
efa23a5a306945b5279d1b52dd59fbf805a38e7b6af1ecd268bcdd907fd9a590

SHA512
9387851e5f7605260b2ba2b7b16bfbf7cbfd6358a216de0a0a00994764eb0e62a4cceb63f8caafcdaf0ffb60d306253a045a6b310532311d6c3a9e8a68b43fc1

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/prefs.js
Filesize
1KB

MD5
b5af01be937b370af25d0dc597dc42a2

SHA1
7276e431ef4e5bcf79ae53e29e6b2546d24fbb15

SHA256
b20db048161d62d83be833a059101d7279be5ff3d849eb9194f2b01f0cb8f128

SHA512
ff89c215d87bb208c57fad734259ccb0908d7314879a0170fc9e855a476d886508a4852ae6174dd49d68062bbe7ae79e5be77db8ddc1221235b21a01a3178de7

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
ac54d14098df10d9d6c20de8dc9e0ea2

SHA1
83fb85ac743aab1c34d2d01731170558f72237e7

SHA256
d65409aa7c9695b3f63ca4eb5ba3114b20afa6803ce011afec2070d546821900

SHA512
d59e63e3b9487516774f8d6609ac4178c26478325f913486ef58840ada7e1664d4e518e7e7f1d05a707ee413b4bf1fcacd3a487c881a2f8b7567573d7a405f00

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
a8dd7ebaad5528b23f82ccb1534cea18

SHA1
600daceacfb5cf9df0b66ba7dce4516b2ac4df70

SHA256
e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec

SHA512
67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
e2f8fdedb88703b72410e4b57dff9413

SHA1
139e0eedb6019015993c72de07eeeac601340ee9

SHA256
9cf3fa60c34728c3d4a29f797d97b359afa0615654eb0eb49d6b55736bdef7d1

SHA512
81ddfc34b9dba944ad885081a5bed30f20feff7f072347a65ae8aab3a21695c98ad0d82b5ce1526b23b0d13f98419d35dda4f9c843e24fbfbd78895314f13225

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
0bb83f088e8e0dd97c726a76168cfa12

SHA1
beb39122f177685909071f860e65609b8177314b

SHA256
b446c3986606fc8421db3b0302bee743960ab3a7099bc14ed5ce3cc47e3d204d

SHA512
0cbe26cd3032c5e29b944881b0694a52c8abbbfaac66e4dd43c924c52c90bc6002f8e4a3dd7c8559e911493b1cb19bc02b02ce84336b624201959ada5a4382d8

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
07b57c9f7fbe673a28ebd34f9114c159

SHA1
dec8c301285d2434620e6769adce40cfcb6a4695

SHA256
750565d6c50fe5c52831ba6a810e3a65c4a0931dba58e8104ba1973d1aab8849

SHA512
966e99fad8de1fe5af6b58cef6b58b88be69b2d6f76b3186a6e31ab9e0528d18d40fe7bca040197bdef30e976cf8ecedaf2e80756ca80364fe4bd65cb04fd1cd

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
09f0e73aa1daf911b2fff1ce173ed4eb

SHA1
70060e1fa7ac368b02133574bdee968de7314733

SHA256
15e18afacf61988603e877cf2b66180d59cf899ae46fcdb740700e1774eb033d

SHA512
be5760a84593042a2fe8964c26777ebf32493225bc093bd16d37c208dfaf4731c192a95cf4f210cad764f59cc96c0848860c3ac742cc5d3dfeecf900f22800b0

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
a105c227d51906b6b427900f7c12d7dd

SHA1
0da556a2cb27ebec8e5dfdeb42a5fc60d906bd41

SHA256
3abb99a4c67d0cb0b5a47a215e70a16b00f62a29c6ff17613b490fd6117801e2

SHA512
32bc30e617ed8aa6cf16aa78d6d874bc735a55abc7111808ea0f901108ebd411024da07299bc7a3e51e011c0b6560b82c9fa6725c163e4a39678353d703c9043

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
2ec8acda9993c69f6655177c4386e5ed

SHA1
d63c237c7dcafe422f424cf9686942db2c9e41ae

SHA256
d6d8c98e13f3e3397dcd94822b3e025d766ad9ab8967be7f5c290e836ccc5dc4

SHA512
08f88ac591f59b0b1d727f88157ad436717c52433456bffa523633f08d1d71f300e564bac812b3b15e5c65a9e2dd1c3f945ed6318ebba73eff84d9c3fe5616eb

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/times.json
Filesize
50B

MD5
f529b2a9219cbe912dced9d20a5af35f

SHA1
c51d3a7028324ef2185600a793150a232803349d

SHA256
a48b5a91d597fc97d6614f6c16d0205477554a140272e951c7db73806a2984eb

SHA512
48505d145c51cdb38353c9243acb6b27fbec9673cc20740568e3bec5f415ccfa060f34efecfe52550c1436f65ae9c3de398880ce2f16a78883550be30139fda7

Download Submit
/root/.mozilla/firefox/bzcmx3bh.default-release/times.json
Filesize
47B

MD5
938c537654a9489452908259db3d66f9

SHA1
8a44855772f61482eb41a5fe9461c251f12497f0

SHA256
0971704f7e8e9dba77e93834252f4e5c65c1d410bc783b250554de1ffde79f47

SHA512
fb367bb10d7696e5dc62c22288e82e39682522c2f72170b4492b3697622d177fcaf26b997d81758916832370588df1332225d1c4f2df7c373c9dc5cd57625fe1

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
8f5842376021a3c8ed69b368d3dc9641

SHA1
d6b1147b4a6c0455e6053d1d657ced89f71aca88

SHA256
da37943f4eb69573a93f5ea19a3fca8690d9a9f52b24aaca39ec038241fe75e9

SHA512
89ee0729556fed52c90d641d78bc3a63b7c73f0c9eafe7a72360fd38cef5b2a49d5a2ef68094640b25de6a84f4d13b9360dd388bdcc93a64ded8637ebac25d01

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
0998b439a8e96279581f47c7445558d0

SHA1
fbeee77b60a42a39420907e85cff83fd916d67a1

SHA256
f90cee267fbd7b6b32807d15ebeaaa1667be896ffb5803127d557de97c68cd86

SHA512
b0ad28b5334f917c07161fc2b2758424e396211cfe3b8f143dd109e2825855f4270bc4884ec4a32ec3de9d00a7f73e509990aaff732dfe4b9efd155e7adb0814

Download Submit
/root/.mozilla/firefox/s9ir9h2k.default/times.json
Filesize
47B

MD5
84375f0cb160533bbcec8bb884151b94

SHA1
87186ac982b7bbea001938b648c25fcc2d7a098c

SHA256
580dda59ed9d0b69eed6f9e37fb6f71e625879ba45f91195cabbeed742c4e2c3

SHA512
29eb8d7f5357db702019a72545b12aee04e31d310c4bf9bb8a99b5b0a65e5cfbdac3df520bff7f6eedb9913703eee6a25c642519e2afabb75cc988520e054f85

Download Submit