hxxp://google[.]com

Analysis

max time kernel
12s
max time network
91s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
28-03-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	gmain	1522
Changes the process name, possibly in an attempt to hide itself	gdbus	1538
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1540
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1542
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1542
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1542
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1557
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1556
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1557
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1556
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1555
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1555
Changes the process name, possibly in an attempt to hide itself	Timer	1553
Changes the process name, possibly in an attempt to hide itself	Timer	1553
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1558
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1554
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1558
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1554
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1560
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1559
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1562
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1562
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1564
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1564
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1565
Changes the process name, possibly in an attempt to hide itself	Cookie	1566
Changes the process name, possibly in an attempt to hide itself	Cookie	1566
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	1567
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1568
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1568
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1570
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1569
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1571
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1571
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1575
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1575
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1687
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1687
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1690
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1690
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1689
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1689
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1688
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1691
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1692
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1692
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1693
Changes the process name, possibly in an attempt to hide itself	MainThread	1691	firefox
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1696
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1696
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1695
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1695
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1697
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1697
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1697
Changes the process name, possibly in an attempt to hide itself	Socket Process	1691	firefox
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1699
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1699
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1698
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1698
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1701
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1701
Changes the process name, possibly in an attempt to hide itself	FSBroker1691	1700
Changes the process name, possibly in an attempt to hide itself	FSBroker1691	1700

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc	process
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/content-prefs.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/ExperimentStoreData.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/places.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/times.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

glxtestfirefoxfirefoxfirefoxfirefoxfirefoxdbus-daemonfirefox

description	ioc	process
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxxdg-desktop-portaldconf-servicefirefoxfirefoxfirefoxxdg-document-portalfirefoxfirefoxdbus-daemonglxtestgvfsd-trashnautilusxdg-desktop-portal-gtkgvfsd

description	ioc	process
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/self/task/1989/stat
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/task/1694/stat
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/self/fd/77	firefox
File opened for reading	/proc/self/task/2045/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/task/1485/stat
File opened for reading	/proc/1535/attr/current
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/1972/cmdline
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/2038/smaps
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	glxtest
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/fd/87	firefox
File opened for reading	/proc/1983/smaps
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/mountinfo	gvfsd-trash
File opened for reading	/proc/1983/statm
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1835/cmdline
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/2038/statm
File opened for reading	/proc/self/task/2067/stat
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/filesystems	nautilus
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/self/fd/32	firefox
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/self/fd/52	firefox
File opened for reading	/proc/1851/cmdline
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/task/2085/stat
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/self/fd/30	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/1888/cmdline
File opened for reading	/proc/filesystems	gvfsd

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/firefox
firefox -new-tab http://google.com
1⤵
PID:1483

/usr/bin/which
which /usr/bin/firefox
2⤵
PID:1484

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -new-tab http://google.com
1⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1483

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1523

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1523

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1523

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1523

/usr/lib/firefox/glxtest
/usr/lib/firefox/glxtest -f 13
2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1541

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1704

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1704

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1704

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1704

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1526

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1563

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{746dd0f7-32bd-4ec7-add1-f0bbe8758e8d}" 1483 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1691

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1835

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1851

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
PID:1872

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:1888

/usr/libexec/gvfsd
/usr/libexec/gvfsd
1⤵
- Reads runtime system information
PID:1905

/usr/libexec/gvfsd-trash
/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0
2⤵
- Reads runtime system information
PID:1972

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
PID:1930

/usr/libexec/dconf-service
/usr/libexec/dconf-service
1⤵
- Reads runtime system information
PID:1962

/usr/bin/nautilus
/usr/bin/nautilus --gapplication-service
1⤵
- Reads runtime system information
PID:1969

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 22645 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{e9d3c605-436f-4322-8480-fa970114a184}" 1483 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1983

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 22370 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{0930c81c-9acf-405d-b2a2-74c8b28afa66}" 1483 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2038

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 22719 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{bb1e63fd-9ba5-422e-860a-f34de618d799}" 1483 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2064

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 28719 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{122f876f-a043-4a99-8a70-45d681b880b2}" 1483 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2081

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.cache/dconf/user
Filesize
2B

MD5
f1a1c5dbc5af4beea7511e48f23ca3ae

SHA1
2069de41d7442faaa5dc9d07128d27c8e707d3b4

SHA256
e6b5b9aa68c49e8650b6545dd8019754b2c1c1f850e94e6e08ae12e88cc121f6

SHA512
d9e343fe99da2c91d608eca35b967d8cf369759e39c057e8af40cbeda14f29f4618a6a2de44809e2c4c004b5f317eb7e87c7582bbe120f69a18aee106964f40d

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/037778A55E1B7E9BED3390289866D09402D6C913
Filesize
9KB

MD5
9d5cdfa9d0784764a969505a6d5def74

SHA1
f97745cfe4735567c37fb666aeef334ddeeab6ba

SHA256
0babf2605c70b0b8442d8c0b2f10e686d9988d8b7d9108f6e91547615446947e

SHA512
29b18047165ab1a0f71a595ac981adf8dc064bf14a86c88f4cd4c870979dd221ec287941960fd87d20fcd69013f7dec66dc288456333b58395b3d41467c20110

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/1611007487CDFCDB9FE43793C68D8984CF7DD7AA
Filesize
207B

MD5
6104c18fcc62d05ae87f01b3e598db53

SHA1
21d5657ccf581d582a10153cadd3220cf4107e7a

SHA256
6bdbd9e14b99b5a72e9bf693d1be25d833899af16a23040b9fed18049f1d2291

SHA512
7e8746444106e5677fcb1589c44ec77180f72f7af7a6a743c1ddfbb7f94e9c80b2b526eaa9c4ca48f3769eb87ebb9e9811c2907124f6349d18bd51d5f3a327fc

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/1611007487CDFCDB9FE43793C68D8984CF7DD7AA
Filesize
9KB

MD5
3d03473e0b6523f849f224bf4aac3951

SHA1
209a7977e0d1c3a5c3e0c82eeb992a265a8895a9

SHA256
f17e680a8dd9d2d7025a08462dd87158129dc9d90f8a85a90ef6d04092e15d22

SHA512
36ffd4653407991c352a690a66bc1ce5764c222182c17d39c337297d88be79599bce5b60108a1449aa5a594415264dd3d293dca6b20ba2eff35caf70af68bf0f

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
12de50aecd919034484082bda7abe753

SHA1
fa600f06f89e127813a805bffe7e341b2bf5d4f4

SHA256
a7c9b6ba85d1d19b49a641e75df18b9339a2c330e9f8982732c543d1f4e8f9f7

SHA512
38ae92c20abfc5a7c5e486131e1d062fe76c1fed5648cf7728cc851fe9693cfefa1dc0f293943a05c5996d9635e911e81cff1756a7b19186c1155c4b46975230

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
a4b8994e7da7481b013f4e9b0b843860

SHA1
9cadde1eeb557c239f7ce27f46bd64a09538b18b

SHA256
be6ef933916f6a64707287a76402acc50210e9bda32f255334d9bb527223bd81

SHA512
0d4d555ea7a0ab0d03bffb221960c4be788d83807844c94b3ed13abe033798beb2b606803f2577a06aa8f88ebb06d21b7f4bb27b0adf48dd60d1ac42902618aa

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/90E321EE94230DCDBDCD2EC0B77C695A4FC21F78
Filesize
187B

MD5
9519b58a3c7008bc1fa67ba7d6e4ba13

SHA1
d5c82bcc4a4fc0281ffae142839e268fe736bd94

SHA256
ba037c397a1b5910997792e725adbb9dcdfcfc77e67ed6a8e6d18b320b97b7dc

SHA512
389b945da948af91dd4540dc87a76bf0568f1ed26d18201708c91b2a436640220d891c10524faf6b7744a4397751f3b10589b9abc1d94ef3eaa027db3017ed03

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/90E321EE94230DCDBDCD2EC0B77C695A4FC21F78
Filesize
9KB

MD5
fd056e15ca12f46ec02ed440650fc94c

SHA1
4cdf484c671336ad755b7bc6ea72733c261fcddb

SHA256
124bed0c0b6a71bf8bc730ab01ef95d050b3f90d8e32a1c2fb1ae4014e5ecf3c

SHA512
631decb0ac8d9e06f759d54d1262ea478a27dba4dcf1752f3e92da1b3b403ab38daec05628dff6267d7b052faf68850508fda955668b0a482049eeda8a378ec3

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/D0F48A0632B6C451791F4257697E861961F06A6F
Filesize
52B

MD5
e92fab37aaf1899062a6b4fa81215c34

SHA1
341df4c3ef73b203e418d463403337c58297ccce

SHA256
89f01545dc3831580eef85604fe78013a40fee53268053c0b055c74427a92dcb

SHA512
df91f14b6c667df081ba6809b703c75cc4ee728b1d9fd177fd5db38ea6f3501694d9fa4989cbc6e4a501a5afe02a90bc2be24fb37fb5899d61fe3e22018f7d6f

Download Submit
/root/.cache/mozilla/firefox/74vrob9t.default-release/cache2/entries/EE1AAB872F378C4FA66FBCD193AF217BF20A4E27
Filesize
115B

MD5
80da87db011e8f224d110efc1ffe59f8

SHA1
0644ee1c99ea84e220381392fced382487386370

SHA256
9ea9046c3bb25990e8eabf90e244a3735b81740be02c3f194cd6832932835cd8

SHA512
49be80c9ea2eb6185ff99d00189acf37d8528a01405774e5449b163af84ecc5c37bf3d4998e8ad78eb30d5f35725d9f9c0b5d5aa7bb873eca55cc9fab5c4c5e1

Download Submit
/root/.dbus/session-bus/4816dd152e8c48ff97e9117d197c13d8-0
Filesize
466B

MD5
277838267366da975b14ad6d070880fb

SHA1
8bb153591d12add76c570357b2170b8f27e8844c

SHA256
9d3bbd38dde88ac18d5a24f4925c7ee6b10dc2f9f8a7b79ab9c9d07e58adfcd5

SHA512
176c6599959daf61c56fe1d65098fb4ab8331966a90edaf0e96242c25d8138659cb5f9da27634ada99c691002077e91717bebcb20d83184568f3b594da918568

Download Submit
/root/.mozilla/firefox/6w6zubdn.default/times.json
Filesize
47B

MD5
faa4e4ab1342e8ac386363c83ed09d98

SHA1
e81df92f791b9c477448908233baec3138ee245e

SHA256
5a8e3a06e334edfb452a6d2befd248dc4613d1110694372d4878b8e947e9ed78

SHA512
366b35dcd61501d1eb593d7ad4f6bfdf352c3d0552a20f6a7ec1d6c4ec2c6941118551d0a75b9d07915cc85ea2ff468f6c067087c5c888b647b9bece1c828896

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/cert9.db
Filesize
224KB

MD5
c6260ae67538e146e67fc09113daaa83

SHA1
cf1abc956d418227f0b3a97ce137f87795f82825

SHA256
a6420bf2cc5d6d2eb1768a12e5b5f10e92385262c43479f9b9aa53d73f36aa47

SHA512
55533feeda0fb22d9647d928ad8f354c0d4f292e0c4b872948162a22d543702b957f38d7927f68bc6709ad1de40ccbf9d2416b0a5a0e1602aa3c33fc88f56fbb

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/cert9.db
Filesize
224KB

MD5
5d98d5aa094dd87a4d33f79cd1805d80

SHA1
164b78fbaa2a9e54cd134d49b39ce78a2ff7b9fe

SHA256
2a2fe6a6ac5d2f6bc59287c8dc82916f750b8c1692fe6204531f5a919931a550

SHA512
3f35c18598c7b8288677a97760762f4488513e8fbc70032fbaa679c54b5ea9d292c000af36f698d6d392d7a8b814f0c58a84974eaa12a7a9d48ce8447ee2ab11

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/cert9.db
Filesize
224KB

MD5
f5e35eb49caaa183538c4883b6a2b917

SHA1
010c0bef947e4656df0ea4378cb23abf1332b6ce

SHA256
c6777f4f62d58c4eac344530ebb04fd78a06ee8b4fe7ba914b4ca35055e81a6d

SHA512
0b480ab98302316e2e531c9f38cf9b70c68c8dd1f33cbd8aa4f95e81318be05366f9657f10f8cd5207d4b927baf4d9bb67a74869be7760bb2dd46841266f2768

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/compatibility.ini
Filesize
163B

MD5
2d41a6f5736821b90ef44850dd3873fe

SHA1
a47c4bc1431234a5b58e460ede5b571acd38e562

SHA256
b4bf5c8334f6db20ae94105141ae7a721342ddccd94ec65289dc291e76a31814

SHA512
047a1455211e7aa29ef5f32f07c89d8a0c8d86d871bc664e4d8958a2a014dbe32f0613cd9eb66e7307c0e2439f74ca0b829652a52fa48e8c60d64b41f69914eb

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/content-prefs.sqlite
Filesize
32KB

MD5
1c7386dfc5a5d7f2aa06cdf1e2b280a9

SHA1
71fd6c476cca7d5aaaa79f1c535346b6de20a448

SHA256
f2793a25bb1c364f2589a7b541a5873f8e5e192ff39c1fcefd786e1c23f1c5c8

SHA512
378d36bf3054ffb7b664bcb4d0e38b546b684ce4436c247674ccf621ec2f9951cca73f55e4c1f496a37061ade6065fd315878aa65d2d38c09f8f6a0cb768d978

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/cookies.sqlite
Filesize
96KB

MD5
26ff39b359947b71a5fadd950fac34f0

SHA1
66e5830e4dca79225f41adc13a077d8e5dd8084b

SHA256
aecbaf3e1df1332d4f14a11480db712eb4aa91581eb4e942c580bf675f592a45

SHA512
7fae7b9ff4362e12f00acdc898f6f679718bdd28dc959684333086de7bacd162338dc266810f9f3f6dfa3dc228291efd6bb325e2e8573ca0e6a699059a145f11

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/cookies.sqlite
Filesize
96KB

MD5
102a8b6e82208a1b69224bdca8a5b10f

SHA1
8413dc3772127c4159e6d6b51372990a06b805ee

SHA256
5ebf89b32937916a76a8432832040cf0f6b99c2f006cc42f856712d403ec182c

SHA512
49c5c27c6749a7a73b4b944eea64ceb053a272619e6319bfd433ffbe126c8fbccc110961018165a4c7de781a86cf38d2bd9e52ec71b10bc73c9fd05fe841a46c

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/key4.db
Filesize
288KB

MD5
18711541e8275eda10ec5e4bda7ad32e

SHA1
8b07568e7ba965d580fa89ef25538f30f84764a6

SHA256
b61bb83c666799ea21c7b7bec02def714b17777d893915dbc7682fbb4b854e3c

SHA512
9efb2a53f2b1d78b5eb88af0e172850f181f6d7f50839b7616c7b69f3c91bb083b3f46561e9734163d72bd3e7bdf835375801a049f7caf310797eb5c25c2a864

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/permissions.sqlite
Filesize
96KB

MD5
652770017ccd3217c70066cdb7213d35

SHA1
61bcaddfc3b435b399490896b7d6055269ab6653

SHA256
660ccd2cc3805ef44ddd244134e82179df1708a253571afb5062d1b38939bd9a

SHA512
db4b111d760e1a67d63248a677e8487a2ecc31e89362641bcde5ef1d8bbf893b57ad70922fcebbc961d686520361f5bf0c6b7c217ac1b9164e3d275be2dc9db1

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
1KB

MD5
7470d66c100017f86d435f89ca920900

SHA1
e9d180d82b3a771f98b0e249c785945eeb71202a

SHA256
97f74532cd0ff2eb29ea519ef8b15d1a0d098c0585955f8e018f99b8a1a6bd98

SHA512
41167da522769fecb328bd72582ebb3f90c6cf8ad7e2f4d8a922f3b204a05076862c2a37765c2774555238b2c7366bd1d2a2f10fe5cb9ed76103d654bf700a6f

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
2KB

MD5
20835bbefb1fae26db0a0eeb694b0abd

SHA1
127917f688d31bbdf648f4bf8bf71d856340ad2a

SHA256
9047cf00cb0453036303e4896f0eca1cadc69e2d14e005aea480847a919e3232

SHA512
5f010528ee9f9ce773aa8d77f49c6dedc179254a00ad6d6210d1885ca9a24c1a5410e636607e69b2a460e8684ef1d38b5bd232d3a092617d3c43337cde3259e4

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
2KB

MD5
cf8af4260759b7b577e1efd168bee23b

SHA1
0485a0feaf3b18786f766ee39e8258a073062f08

SHA256
e2dd463f8672c1cb6675ed18e394e12b5a0473008feb45977e692f7c55dcf0dc

SHA512
f55a061ef5fbd9a40f8a8619e9f19a2f22547b6c0cda5923995badd8ee05c767f04e7d13755b080639ef5a8dd70551e3c4099066ec9649e88bea1d23b92c80e2

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
2KB

MD5
b80db4663f91fda5ff1585b72071641a

SHA1
de85e2b090ddb732df86255e7e483a460154a3ea

SHA256
4bd2961ceea3e138aa5b11e857f5901385fee11b2dc84b710f35501fbe1f5124

SHA512
73496392ba95c3e0df83fcd21e363e70c5ed6557cb0b7fdb0cc9d97ff952b63b6a28b8691acf3ff4fb4b508573ec2e1d88acfaf6153820d9aea1278221a950ef

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
3KB

MD5
e5e25ec765ac5a940095aeccb6b1bdd1

SHA1
f0362b78bff4f9f2d25293392eb0a513f3eaf7e1

SHA256
fbbb64fdb6386091080ed2c400928aa88ab211f10aeb96c8ca44587fba24c420

SHA512
f48f7a91cdb522d5e435cabe333839210d5639244766317189220afc6df3aac787a6f80b7639a59afda5b8b91ac594dd7bc12a80cb0638c0be69e1e044c46f01

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
4KB

MD5
5fc1125e6840ff7dd79e496cc3d7c7f4

SHA1
fc7e634445abacd8e336aa72642050bee43aee90

SHA256
d5b8d56a2d3278de78435baf574d8c76ac9b5a2b78d61d9ea35692613233f5ef

SHA512
f022e752c8063014f982ce3afc0e960267c5ed00911bd593845c11d497d0f6d2bf081bc755eb3cca066fcd18a10d3c5979d7bb47497088d6c5e47186fd015638

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs-1.js
Filesize
4KB

MD5
47db3ee9a7d98799f3353e3df198db5c

SHA1
5412a259f2ee8516742f08a3c068fd073441fb39

SHA256
2bc49232541da7961bef39223bcb06437862dbb07f1cca27dcb2861eca17477e

SHA512
8bda6f9dec4c47e58b55e3b51c6ad3dc86ba05526ec22b57f5f14673fe874f0e69a2843ae8e3daf08ff3ea9798937130e124e1ca4c5c1fed69c8a2874520377e

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/prefs.js
Filesize
1KB

MD5
5886be8d97d000c45544a16072a9d5a4

SHA1
e16a1cefcc920490b4d28b6485e3c9c9944fb693

SHA256
aa9d84b7ac0f1111e41f269d258c83edfe635e268ff4314b0fd3ad57853a51b3

SHA512
dfb2a2e555c8e153c82aff73094cebc3fcf3db3c577549e82f206a644c88e4bde52d35c17877523ac5123b29fb5aae2c59279e03df93a8ab3996c27a4e0e5f18

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e1121e3dd3c8a9c384f879bdddcff219

SHA1
625f25a1a5ff8527ab3105636fa7aecb9affd234

SHA256
766b9f50254b4e5526b0cde2911512956262596d8937f8630805d3c70802a066

SHA512
03e1cee2e75b2b609b8344a40995de09de837e940d2012f2fea65d9c70eecbcd3345b66b852f32211b38b06a4370f06f02ca7521e29e7113e2e12a6a7752be31

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
0d2b18bbf091633c4fe1ebdd197dfa15

SHA1
c150dc37042d92d30efed6cbc1b536eb66ec1a3e

SHA256
fe63ee867e0f229a0bcc48b771afeec394c362ac6d0c2bd6907c7202097bd228

SHA512
59d202bfaf236bdcfc05a3e148a773d15a3bdff23be26fb2cbfd059fee6c4a516c7a59de0a3bc97df1419c34464e1346354979ddda1062101121522f22d8156d

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
36B

MD5
eee51a14ca40c4f472c09a3feaade4d6

SHA1
99bef116e100e4fbc9b7b3bbb4f4ba1b78bd8d6b

SHA256
d842a8b429468041b494c07ff84b865bcabff08fb47e0f9df33d8c5bf75c7b94

SHA512
fcc729eb8d87941845cd735cc86022ccadeff26ae337d0cae4f9e48cec4328cb1bc34da76eaddc8cb052caa3421e9cf193ea7f909f2f7a50ecb93f3d523b7c9e

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
488403dd59d861961dbf2e5317cc6e55

SHA1
bcb13cf819bdc370762237a075f14a9be0728a50

SHA256
8645149962df6c816291521b6cb45e9acf79da6bdc3a727ba00c71eb720de4ef

SHA512
4e60bc58fdc1ffe3662b83fc9af3e0ec5af90eeb25da8e60a70717e3588676e135f6cc5a8d57a37c2cd2ce3a3661e665e2688d00799dd834945d5f0964750805

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
789ecb3e29795030c5bc7d2a5bdd275e

SHA1
387b984f8ae48e4a5678e6716027e6cfc0be4afe

SHA256
e743e66d4ee316fce24ad3263c4aee4336e71578a2f0d7d46ca3b66ffa99749c

SHA512
18c98f1a9dda790381afd06241115de457796a1ee2f787bf03f1c7a43cd911aed6c1b7aa065064378ccc3a8557f80b3dacfebf1a2eb4ec20054553839c47fdc7

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
f1cd629017b1fe58fc80953ebd4754b6

SHA1
01e02178484458797c2b682325b26b2633fe8466

SHA256
81bf3da297b9ee8270bea383d9479cd7951e35f552361230358e3a35e1f44567

SHA512
afb775074af046014236a312865a1811de3bfb97f8df057541401867140fcc236259ab237712a7d3bc012ff84cf90330e4e122374cd09c194c4c145f575fb95a

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
12KB

MD5
58172aa7641ecc6e14a5e72464f93a76

SHA1
2503ce0fc7ca889e838e6fe000e4ca2061304020

SHA256
efa89723ea41d6f72258d0944e6c24e816e6984a96029c890fcc30adf876d774

SHA512
1eac8dc36736c03fccc06d91a2b74551bfbe2d5ace7bcd5a5cf9f07db29a98a6825f63424f8ae40f68fdce0d8bba60b54abeb81c500fbde064f82bc4e7846be5

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
1ea539584c41fd171d307fb9e740d499

SHA1
de3d1a3d6a0173bcd30c89f148cd732d0ae614eb

SHA256
aaa3461e12a1343eb5803894e1ef6894014b75b26ef264f29ece30b1cea3aa83

SHA512
22b145864127c0f223522016c6ba0a67e06a36aeba135e546f4d77000f436d5060064eb988b7aafdb451e39f70d0afd20313d15507dd531234ac25d60e9d935c

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
2bc5ce5d01df9c92c536e45f049c0f3a

SHA1
ab12d5bb9e6d1751e645f9c74bc61cc50bfbe2d5

SHA256
df545c853e87762139db2607d1765173deefaa42731f0ed15294fb5233f88771

SHA512
b430974146672ba40561e4e9608b28f81e570d10de39939690945ebab9842b9ed363dda8ff437019c7556e26d0468b48aba25b11826f08198110981798d26019

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
119bdcaa36c7a8de1dfe55818be0288b

SHA1
5cab64cb3ef479951187785e67e252a21740e2d3

SHA256
7a307fdcdfffce4138eaac71da5fdb7c988f418413fdb3f1aafa5e3659ab343c

SHA512
c16a87dd042df8db47d8fe20eefd9f078c28ee78712f5b36e9643dc6888372ca1b3575c5c66dba0cc316265120b82b5d274d709d8f7b22bf7a7cd89299c699f0

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
225fe36c4bb990de9670b27368d655a2

SHA1
1dc382bec9af9b4bd0308dea1908ab6933834828

SHA256
2185235a458ef8924a1370bb956dd1d65d1f7bbffda08289275e072b65d5d1db

SHA512
11eb31a930a336c13869b0d385df555d7fba32ecea26bf513398dca2a35439643b0896a94c4696ffb439eef18b7f85982155dd12beddef784fe4ed1e86d2d1c2

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
36e98efca74672e375f4e517eeaf713d

SHA1
afeb4c76577cc7b0955de3160d3ef61c6c2f8f4c

SHA256
2676f267ba8abd68bc41d5747d63090e83b60655c7467984f903310f586f3677

SHA512
6e4ce685cf2c37a8953d48db6250443ec656184af4ace583dac00d11454c06701e8e8117df3bf466ef55e357fa4bd4a7bdd8dd4d4123b9263d9ff504e02eb1fd

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
156KB

MD5
e85ddbcbcdedb08952e0c21ff3c6b1db

SHA1
5687e6d7873b73a766d49a7eb8538a820ae16225

SHA256
d9cf373c6ecf2762fc7f56b494c784f2a2f3e63bcf0fa1bf6a28c02ca88bdb0c

SHA512
6a730d61fac3bd0258166240d13db2197249b8146ef6f2e2de1d3b7802341b1922f2dff3cd5dd760d04c832974ff72aaad58622ad0fcf37b38177aede3fa7131

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
116KB

MD5
bbe9e4471c97fb1b270eb793922a00e8

SHA1
a1da47669a2b512be64ba97e8bbd587887d2c24f

SHA256
dedbbbca17668696789b6525ec93fadbb5731e96df326c7d84ce355fe0ca1bac

SHA512
1df28b24c05bd0931c3fab72bf6283d4a4df4253bd28060bf9abaf8fa0b9fd91e7790c28d7972287ac82a1bf04eecd3fab8acdaa26dfd394b3493280c7474f1d

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/times.json
Filesize
50B

MD5
f5b8baf51ab4ebd39bac29b6fce7c632

SHA1
6ba91e466c73623e0340c136333d3d6e97337148

SHA256
4c268bbc4687cbfd565cd13310c8ff512273c51127a99cf38e66f2f1a4d8d901

SHA512
5f8566f625d5ffaeff19111884aada4b2414beb174088b450e960bd64477a6d25bae7d1297f02c5196c0805a359e1539d0d40fee37e5804ad3a48b35ff924e3b

Download Submit
/root/.mozilla/firefox/74vrob9t.default-release/times.json
Filesize
47B

MD5
264d6a8b7e94a5ae94e38ef6e842a35d

SHA1
0835286a43161754cf7f93b4b0c920da2258fc40

SHA256
4d35d4570b812ec3010b56d12fd17ab0f9b5b24c90446f66a2d980916cb38acb

SHA512
b8eb530ceff2ec18fd12fdaa13a30a74d912b0b7df03b1c211253e5ee9e52085d209ebe2dc2f60ab0f3cbde4e338fae094799492f9397bfbe96a3f71c80c4aae

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20240108143603
Filesize
10B

MD5
12e16b10ea16df7d63c5c06fa804e188

SHA1
b0d0396d9b44b4451c8dd5a1510b3286d101a695

SHA256
79891595f94af63eb184d747aa3db5ff399cc12d3ebe7fed1255d23cd96f7834

SHA512
b2cfca70b107a24e498338cf48b0eabbe08c934a58a3c6c4a5a211f5e3fc491c305a6ce801c373783f8c23a2e8a474ddaa7c3f5a9a8db4d311511b644c6b9043

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
86267487afeeff7f70e73883ee501e85

SHA1
0356e6639250a0ec347c90ba68dab85b3dacfd7d

SHA256
260baae7e34e69f1fcc1347683abb14a1265bb74310030471374689f242543e3

SHA512
80579a66f2f6a0632a52291da4704220bb8d2973b66a9a8102dacbfb5f7fdbac3aabbc790e4cca74e2147554ba318203e8da15f1dc736d529c08d8f05022d9c3

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
64530329371297b4c827be46c1b5eac3

SHA1
4248c67d932adf66667b67023239ff18e0a5025a

SHA256
1dc7a34b8d2ea95a5faf2690a0fdf04a846ae5fc01a1b79dec46d1bd2f86f4ef

SHA512
e134414c0af38c8381b136cd5d9071b34bd85b123c2f6235dc3edf9725628cf86f846777e2a399cc290e0e0eb31a950d29079c2976e1e97fd5d5453504d88dfc

Download Submit