hxxps://now[.]gg/apps/roblox-corporation/5349/roblox[.]html

Analysis

max time kernel
45s
max time network
84s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
28-03-2024 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://now.gg/apps/roblox-corporation/5349/roblox.html

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1660
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1661
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1661
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1661
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1667
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1667
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1666
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1666
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1665
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1665
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1664
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1664
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1663
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1663
Changes the process name, possibly in an attempt to hide itself	Timer	1662
Changes the process name, possibly in an attempt to hide itself	Timer	1662
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1669
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1669
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1671
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1671
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1672
Changes the process name, possibly in an attempt to hide itself	Cookie	1673
Changes the process name, possibly in an attempt to hide itself	Cookie	1673
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1674
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1674
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1676
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1675
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1677
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1677
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1686
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1686
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1689
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1689
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1693
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1693
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1696
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1696
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1695
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1695
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1694
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1697
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1698
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1698
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1699
Changes the process name, possibly in an attempt to hide itself	MainThread	1697	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1701
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1701
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1701
Changes the process name, possibly in an attempt to hide itself	FSBroker1697	1702
Changes the process name, possibly in an attempt to hide itself	FSBroker1697	1702
Changes the process name, possibly in an attempt to hide itself	Socket Process	1697	firefox
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1704
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1703
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1704
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1703
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1705
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1705
Changes the process name, possibly in an attempt to hide itself	Timer	1706
Changes the process name, possibly in an attempt to hide itself	Timer	1706
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	1707
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	1707
Changes the process name, possibly in an attempt to hide itself	gmain	1708
Changes the process name, possibly in an attempt to hide itself	gdbus	1710
Changes the process name, possibly in an attempt to hide itself	gmain	1713

Reads user data of web browsers 56 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/content-prefs.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/times.json
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0jc745f2.default-release	firefox

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/present

Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxdbus-daemonfirefoxfirefox

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/devices/system/cpu	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxdbus-daemonsedfirefoxfirefoxsedsedsedfirefoxsedgvfsdfirefoxfirefoxxdg-desktop-portal-gtk

description	ioc	process
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/1572/status
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1736/cmdline
File opened for reading	/proc/self/fd/79	firefox
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/1765/smaps
File opened for reading	/proc/self/fd/99	firefox
File opened for reading	/proc/self/task/1656/stat
File opened for reading	/proc/self/task/1700/stat
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1567/cmdline
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1732/cmdline
File opened for reading	/proc/1765/statm
File opened for reading	/proc/self/task/1837/stat
File opened for reading	/proc/1572/attr/current
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1654/cmdline
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/task/1771/stat
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/29	firefox
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/1721/cmdline
File opened for reading	/proc/self/fd/77	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/task/1819/stat
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/1717/cmdline
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1788/smaps
File opened for reading	/proc/self/fd
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/1741/cmdline
File opened for reading	/proc/self/task/1795/stat
File opened for reading	/proc/1788/statm
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/1588/cmdline

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open https://now.gg/apps/roblox-corporation/5349/roblox.html
1⤵
PID:1566

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1567

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1568

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1574

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1573

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1576

/usr/bin/xprop
xprop -root
2⤵
PID:1575

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1578

/bin/uname
uname
2⤵
PID:1579

/bin/grep
grep -q "^file://"
2⤵
PID:1581

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1583

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/https
2⤵
PID:1587

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1588

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1589

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1591

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1590

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1593

/usr/bin/xprop
xprop -root
3⤵
PID:1592

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1595

/bin/uname
uname
3⤵
PID:1596

/usr/bin/which
which firefox
2⤵
PID:1639

/usr/bin/firefox
/usr/bin/firefox https://now.gg/apps/roblox-corporation/5349/roblox.html
2⤵
PID:1654

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1655

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox https://now.gg/apps/roblox-corporation/5349/roblox.html
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1654

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1659

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1709

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1709

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1709

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1709

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1570

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1586

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1599

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1604

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1603

/usr/bin/head
head -n 1
1⤵
PID:1602

/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1601

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1609

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1608

/usr/bin/head
head -n 1
1⤵
PID:1607

/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1606

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1614

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1613

/usr/bin/head
head -n 1
1⤵
PID:1612

/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1611

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1619

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1618

/usr/bin/head
head -n 1
1⤵
PID:1617

/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1616

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1624

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1623

/usr/bin/head
head -n 1
1⤵
PID:1622

/bin/grep
grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1621

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1627

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1630

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1633

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1638

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1642

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1645

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1653

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1670

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{44f30b77-bad7-4893-be32-f0e3f41a7f1d}" 1654 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1697

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
PID:1712

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
PID:1717

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
PID:1721

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:1732

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
- Reads runtime system information
PID:1736

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
PID:1741

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21684 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{9f920d54-1767-4541-9ff2-449c0721c68d}" 1654 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1765

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21352 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{04fcf82b-44c9-497b-bb47-492e0f8b3e07}" 1654 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1788

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21701 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{ce13430c-b09e-4dc5-844c-c020729b5baa}" 1654 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1816

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27758 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{adb382aa-12bd-43cb-8b04-6cc783ca1365}" 1654 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1833

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
7cbd9359217b5e601dbadf1c0dac4fdd

SHA1
400b4abb6ae7433451325b5fc00a934779aca3dc

SHA256
14fc4264931ab7a907c92b22c532d780c0bf548a82e6e7b79abe9bbe63a33f78

SHA512
196bc8254a26e9febc122efa0fe30e0ab597986319f57748934e2364fbd58d30fbce0b388a1a6fce78898811006e27491f0cd344a5ddbd62dc354e2f9738af2a

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/cert9.db
Filesize
224KB

MD5
c18b0b3d56e3e0852a1a3ba8f5db5c98

SHA1
c891ec72d972f2803cf4a3d66574568572ed700b

SHA256
2303e3204db19df6b1af2a4828738cc350685e6e6e22e86ea316a78a8cc2d12b

SHA512
2efeab45acdf3fb79d4b91d75e1420bc6867ac9fd791b8eaf9bbe6d7f33ae5060894a9b3a0ad79c11d2bebbdec4fbcef9f5f62335c538c11040a702c6ec49734

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/key4.db
Filesize
288KB

MD5
e784141174fab7e6f5925b32c6e1818d

SHA1
63b4ba6002a7655cf5ac78d1eb30c191ea843ed6

SHA256
df80288c025252e531e82c0ae0bca406511d4f2bfd92b916caf6b1515ec3e821

SHA512
ad7796a463a13070dae8f0cf39f57857e9a17158ee826ebe8f95d98e724a10a4828cd75d1e0d3d0088da6dc9e0fefa3ed23c67f0f0f7e8ffd3c35ef19d22f7c8

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/permissions.sqlite
Filesize
96KB

MD5
232fbc22dd03a8ec41edde02bdbea61c

SHA1
6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6

SHA256
d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0

SHA512
055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
1KB

MD5
6167e8f28b78a8ce97f1fdc65f79ea6d

SHA1
afa278c1a6026c43fe0f2653bebbc72476fe7e99

SHA256
a25399a9280311338d663b3df0a50e7e8b74505ccbd611ba4ff91011ac349b6d

SHA512
14aacc137fdfe1f4470d5df4cd35b3c3086c561ac0f92eff4b87260b8b7ce528e3c7aafe98e3a6b23cac8a76952765f6182e1e8343e01008fbdc9bbdf1993f5f

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
1KB

MD5
1d98b9225517a2a4bb305590290f7f20

SHA1
374375c8d6278d4166d4b038fa86f66958b06f6e

SHA256
07a7894a4d554a446f3c93884ee97276cfdc27ef0f0b10d9fc3d73fc4fc24f8e

SHA512
4ac461def901b9c0aa37af532af1ffbb0cd710dd1d52a410d93745aa704ef39212063f86e63af719ffb203c3809674f0ab6ec315c50cb5816ae0739bb3513b21

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
2KB

MD5
f7f682abc29d35f395874dcc87a6fdd6

SHA1
7bfe07b6a50805faf2afcbbfa26f122b93770f3f

SHA256
8482f0587767a2cf067d8044605d0b1cb4f35dc6ec473cd927771078d5523ea7

SHA512
ff33656b1bd74c91b4b0c9b22ce2ca97d24700af5d967c37b093156ffa9a572f8d6bd5bf9e9183c9a34047783940393f58086cb6e62636d612ef3ad7da759ddc

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
2KB

MD5
29d58fd3eec0a76c4cb7851f6ac1d5b0

SHA1
f131a16886530cb64f9d99f054b9da2c1697668d

SHA256
80fce1ddda142c7b0deba2498b6694705555cc9729ff88c4053d5e1fc00f4518

SHA512
433940ba7528ba4f1fe94bde738ea3d35a0afea01d584c613d79ddca57e5cc05debfcfd56ccf9c00b9ee98dfb014c05893e29746b3488b11ab6eacfbbc29454a

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
2KB

MD5
a57ad5f92bbb1432024d49abb8a933c4

SHA1
677d083d6107e647303707a436857ea9acf1db2b

SHA256
4972ab8627dcb61c9a72ee326b7c93440fc003c3677ead31271ef8ad571fbae9

SHA512
bca09f67cad029c5c985c4729bef128cdf4b8f00514de019d0f55d235bcb06907aeec4eb2f40fc81cbfc47de9626267e640e27b3e5a4f1055d29c510ec643bd9

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
3KB

MD5
93ba465da48e1c45726a822cee013029

SHA1
f0c8696e9a297d539a5630ac6d31799d9d4381ff

SHA256
7a112e8314177c9bcf87a9eff9858982a21ce755f3e223414ab9bea74c49e3a0

SHA512
09898a850534cb0db13fe8a7ff3fbea1e4c76a39ce9d5eff40e65fb798493d41060984b3d8af9417e65ca36859f0b7b14573b9f3f72ec0e1879980a26e32e5f7

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs-1.js
Filesize
3KB

MD5
dc64ec65b6b14756955cbfc5473dbadc

SHA1
32821edf2b7a74cea5633d8ff8d95bafbccf22b5

SHA256
bf7aa9094d70975ef8327a3fe50a35bff987cbd79fb8ac9bc2071dbc8c821a69

SHA512
148848147f514f4cd593a67348e511c51ff02759c70f5de5a41b869e2e0574883dab2331fa05bb92730261bb27b354ea95baf869d8df00435b2de2d9f6514e7a

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/prefs.js
Filesize
776B

MD5
dfbbc690854e9f6582281445ab65a874

SHA1
cbebc061cdfb5cc6a1cf946b6ede70810cef7724

SHA256
bc7d4d74b63c2a3aab40db1e33075287628315fbbeab6ef126b4db5b3d54371b

SHA512
c4b5d6b45f946fe3769f751ad0be9dd8ec9175e07aa07617bcbf82809429d6cb8acb27ff87fb132c1d2531f76b33d2eda57ea0f4be48d7dfaa21ae9a31093913

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
bbfed0e55ea11b4fafc9229b34c43058

SHA1
774e50328682872d6161a75f78fe7a1f3efab45b

SHA256
ddc00139bff1919304db04852adeb6cbaa7589e2eb102b6c6039ca3d76c0ed24

SHA512
020db8b010c5b79af96b0866283cc5958dd4a354d7495f9036eaa6de80b49adbeceba9f5de5072554cd7007ec7b847b26ebbcbe1bdff0a746f3b56a3a55754c9

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
4KB

MD5
14396a8e683727274478325da363346d

SHA1
27e61597c8460701b44000a872934eac6b10ba9d

SHA256
5addc54dd84c61f7a0823946170835da184434bcbe19e87c249e8c6dd0560128

SHA512
c178f6eaca7ffa1f2f45a08cbe9326c0816eae5a41cb39970933464fd6b449337a25d985df1758e14c98a9c219882d66676416820276ed83ee20064ac5f4578e

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
5da3db67fc5d8cf5032009321c2653e3

SHA1
2f6770f027fb52ff6894df2b71055a5dbd299e86

SHA256
e5ade927112a98357a2648c0280fc76525cc24479f5c9478a61eb1fc1f458f77

SHA512
691bb9d37e5b78bba60025d090178bc5aae5cc51b842ea48cf68a4c12c2b3e4dfcdbc095832ffe72401895cbe459fbc1675b712615015686bf12d8321e8c6f70

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
a352fa8bfdd6466d5eaf29743dfb8fdc

SHA1
e67f306407f7ae48b1f0865d998d8dd7b219bc2f

SHA256
997b72774b07879a26c466907ed4fc83881f0abcdc703b9ea11e1764fbfcc446

SHA512
1524b55ffebfc626819d7e116d48827a1cb1efef92b7ea68dddfce87d5c0cd6945a643c801b1b04aa0bafcca04f4774d002c7ff6abbe84ac86d6b639e12e3661

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/times.json
Filesize
50B

MD5
0eb371fe09bafe1533ad3912e8069cf9

SHA1
f28af508b549b5b75e0b64109b520e689b70eeb5

SHA256
53b1fc6f3cf56ea6c4704dc85595df59c415b387859f6acc589749021ded46b9

SHA512
5f727e950aa30d3c098f5efd18b6d8a5a4a92e93d9404229562bf9a19ba2aaf79fc112bd8b75c95eddd3a351aceb43a84e945852904882e45fc13a9d32021dc4

Download Submit
/root/.mozilla/firefox/0jc745f2.default-release/times.json
Filesize
47B

MD5
a2636f0527bb78753ebbb1be1894d750

SHA1
220062482f4f2d37df159473ddb576d37d0434ce

SHA256
8492df770b5660019245046c70a9934af1df26a14f2af1b447a070ef3c316ee4

SHA512
0c4f869e32d089ba6ee3c61a8e6120282134f7e5b3d899029f6948438c10b5936767adb23480be03edde0d915250f5936e5bb7da7ca7ea50ea2e22575ea3c60d

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
d4b3d0bf3c44627fe7a0fd852bf1d4c7

SHA1
81b1efc45f10202ab07a8e092a7f185bfc3be342

SHA256
c024849055afbc2cac9c5191796809585a06e707ee39a7f7414a850d6f96cec8

SHA512
c4f4755563ae48197cdee297ad44d296368553701f42a147cc43c3c2d49892d1955b9e546fc3c3c69144c225dca4b4c95f18c7a600d797975013d0c2db4ef873

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
a98047924656f73ba9b3e8bd093feca9

SHA1
9628f08d7882539edb08a80207246100a18e4eef

SHA256
dde9b958f53664d24875c2469166efad6c06b171e285d6194f5c824c088e2bfc

SHA512
04d296deb5ff116080f41205e6bc7b6f7013fb950cf9d7d513e188a444dd8e7c6e22552947974e16f24b205422bf970214854adde67ce7fcaad16f06a3c620d4

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
5f909c1ab28b25c125a0b2e270b8e1b4

SHA1
1d9a5beb56cd9d81f3b442c4d16026956f9535bd

SHA256
adba0356c8e19f2ec09e657b535e3d9b7a43baacc16dacf4be7a13ec64af0bb1

SHA512
f90be5448812c9a6e38c2020fe43ddf8a8d45abe691b1a55d852ec265c4d771f50e1b2e8ca1b47824a380487eb1b973d631106c2ca56aea38fb5d150bcac9313

Download Submit
/root/.mozilla/firefox/z3aoejf3.default/times.json
Filesize
47B

MD5
5102039e57ebdbb65563d37a9f0fa37e

SHA1
fdd255c24e21ed80e5da935257fd9f79b28123c9

SHA256
e97dda5869507bd084dbf7191a12e7b5b940a0b990bae60eb569070d33f1a736

SHA512
18559480780e81575530eeccc420e4ceec22c487d496b226c70f9a3ac2ba5cc59f86f7af79b7dcce0b30dcac3d83d949e0720806ca74bfcc0b9db835826b53d0

Download Submit