hxxp://45[.]79[.]187[.]117/srci/774/mid/282/p-84

Resubmissions

05/04/2024, 18:06

240405-wp5kmaaf3y 1

05/04/2024, 18:06

240405-wpzz5sbb54 1

05/04/2024, 18:04

240405-wnwakaba99 7

05/04/2024, 18:02

240405-wmteksba67 7

Analysis

max time kernel
28s
max time network
38s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
05/04/2024, 18:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://45.79.187.117/srci/774/mid/282/p-84

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	gmain	1750	Process not Found
Changes the process name, possibly in an attempt to hide itself	gdbus	1758	Process not Found
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1764	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1768	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1768	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1768	Process not Found
Changes the process name, possibly in an attempt to hide itself	Timer	1891	Process not Found
Changes the process name, possibly in an attempt to hide itself	Timer	1891	Process not Found
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1892	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1894	Process not Found
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1892	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1894	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1895	Process not Found
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1896	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1895	Process not Found
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1896	Process not Found
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1899	Process not Found
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1899	Process not Found
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1914	Process not Found
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1913	Process not Found
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1920	Process not Found
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1920	Process not Found
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1940	Process not Found
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1940	Process not Found
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1964	Process not Found
Changes the process name, possibly in an attempt to hide itself	Cookie	1966	Process not Found
Changes the process name, possibly in an attempt to hide itself	Cookie	1966	Process not Found
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	1982	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1985	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1985	Process not Found
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1994	Process not Found
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1993	Process not Found
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1998	Process not Found
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1998	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	2028	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	2029	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	2028	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	2029	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	2030	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	2027	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	2030	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	2027	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #6	2031	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #6	2031	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #7	2032	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #7	2032	Process not Found
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	2034	Process not Found
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	2034	Process not Found
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	2035	Process not Found
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	2035	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC Launch	2038	Process not Found
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	2037	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC Launch	2038	Process not Found
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	2037	Process not Found
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	2036	Process not Found
Changes the process name, possibly in an attempt to hide itself	DOM Worker	2040	Process not Found
Changes the process name, possibly in an attempt to hide itself	DOM Worker	2040	Process not Found
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	2039	Process not Found
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	2041	Process not Found
Changes the process name, possibly in an attempt to hide itself	MainThread	2039	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2043	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2043	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2043	Process not Found
Changes the process name, possibly in an attempt to hide itself	FSBroker2039	2044	Process not Found

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

description	ioc	Process
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore-backups/recovery.bak	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore-backups/recovery.jsonlz4	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cookies.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/permissions.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore-backups/recovery.js	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/places.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/content-prefs.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/ls-archive.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore-backups/recovery.baklz4	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore.js	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/extensions.json	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/times.json	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/extension-preferences.json	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/shield-preference-experiments.json	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionCheckpoints.json	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore.jsonlz4	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/favicons.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/search.json.mozlz4	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore-backups/previous.jsonlz4	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/sessionstore-backups/previous.js	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/logins.json	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/permissions.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cookies.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/key4.db	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/content-prefs.sqlite	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/ls-archive.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/favicons.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/favicons.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cert9.db-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal	Process not Found
File opened for reading	/root/.mozilla/firefox/h3gfden5.default-release/cookies.sqlite	firefox

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	Process not Found
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online	Process not Found
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	Process not Found
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	Process not Found
File opened for reading	/sys/devices/system/cpu/present	Process not Found
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	glxtest
File opened for reading	/sys/devices/system/cpu	Process not Found
File opened for reading	/sys/devices/system/cpu	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/mountinfo	Process not Found
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/2087/cmdline	Process not Found
File opened for reading	/proc/self/fd/74	firefox
File opened for reading	/proc/2109/cmdline	Process not Found
File opened for reading	/proc/self/task/2154/stat	Process not Found
File opened for reading	/proc/2147/statm	Process not Found
File opened for reading	/proc/2147/smaps	Process not Found
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/2104/cmdline	Process not Found
File opened for reading	/proc/2121/statm	Process not Found
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1484/attr/current	Process not Found
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/self/task/2042/stat	Process not Found
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/2070/cmdline	Process not Found
File opened for reading	/proc/2112/cmdline	Process not Found
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd	Process not Found
File opened for reading	/proc/1484/status	Process not Found
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/filesystems	gvfsd-trash
File opened for reading	/proc/self/task/2127/stat	Process not Found
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/fd/93	firefox
File opened for reading	/proc/self/task/2208/stat	Process not Found
File opened for reading	/proc/self/task/2233/stat	Process not Found
File opened for reading	/proc/1509/cmdline	Process not Found
File opened for reading	/proc/1590/cmdline	Process not Found
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/86	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap	Process not Found
File opened for reading	/proc/self/stat	Process not Found
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/30	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/2061/cmdline	Process not Found
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/1473/cmdline	Process not Found
File opened for reading	/proc/filesystems	sed

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open http://45.79.187.117/srci/774/mid/282/p-84
1⤵
PID:1470
- /usr/bin/dbus-send
  dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
  2⤵
  PID:1473
- - /usr/bin/dbus-launch
    dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
    3⤵
    PID:1476
- /usr/bin/grep
  grep " = \\\"xfce4\\\"\$"
  2⤵
  PID:1487
- /usr/bin/xprop
  xprop -root _DT_SAVE_MODE
  2⤵
  PID:1486
- /usr/bin/xprop
  xprop -root
  2⤵
  PID:1488
- /usr/bin/grep
  grep -i "^xfce_desktop_window"
  2⤵
  PID:1489
- /usr/bin/grep
  grep -q "^Enlightenment"
  2⤵
  PID:1497
- /usr/bin/uname
  uname
  2⤵
  PID:1498
- /usr/bin/grep
  grep -q "^file://"
  2⤵
  PID:1500
- /usr/bin/egrep
  egrep -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1504
- /usr/local/sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1504
- /usr/local/bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1504
- /usr/sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1504
- /usr/bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1504
- /usr/bin/xdg-mime
  xdg-mime query default x-scheme-handler/http
  2⤵
  PID:1508
- - /usr/bin/dbus-send
    dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
    3⤵
    PID:1509
  - - /usr/bin/dbus-launch
      dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
      4⤵
      PID:1510
- - /usr/bin/grep
    grep " = \\\"xfce4\\\"\$"
    3⤵
    PID:1512
- - /usr/bin/xprop
    xprop -root _DT_SAVE_MODE
    3⤵
    PID:1511
- - /usr/bin/grep
    grep -i "^xfce_desktop_window"
    3⤵
    PID:1514
- - /usr/bin/xprop
    xprop -root
    3⤵
    PID:1513
- - /usr/bin/grep
    grep -q "^Enlightenment"
    3⤵
    PID:1516
- - /usr/bin/uname
    uname
    3⤵
    PID:1517
- /usr/bin/which
  which firefox
  2⤵
  PID:1561
- /usr/bin/firefox
  /usr/bin/firefox http://45.79.187.117/srci/774/mid/282/p-84
  2⤵
  PID:1590
- - /usr/bin/which
    which /usr/bin/firefox
    3⤵
    PID:1592
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox http://45.79.187.117/srci/774/mid/282/p-84
  2⤵
  - Reads user data of web browsers
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1590
- - /usr/local/sbin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:1752
- - /usr/local/bin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:1752
- - /usr/sbin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:1752
- - /usr/bin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:1752
- - /usr/lib/firefox/glxtest
    /usr/lib/firefox/glxtest -f 13
    3⤵
    - Enumerates kernel/hardware configuration
    PID:1765
- - /usr/local/sbin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:2050
- - /usr/local/bin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:2050
- - /usr/sbin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:2050
- - /usr/bin/dbus-launch
    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
    3⤵
    PID:2050

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1479

/usr/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
PID:1507

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1520

/usr/bin/head
head -n 1
1⤵
PID:1523

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1524

/usr/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1522

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1525

/usr/bin/head
head -n 1
1⤵
PID:1529

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1530

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1531

/usr/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1528

/usr/bin/head
head -n 1
1⤵
PID:1534

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1536

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1535

/usr/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1533

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1541

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1540

/usr/bin/head
head -n 1
1⤵
PID:1539

/usr/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1538

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1545

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1546

/usr/bin/head
head -n 1
1⤵
PID:1544

/usr/bin/grep
grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1543

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1549

/usr/bin/sed
sed -e "s|-|/|"
1⤵
PID:1552

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1555

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1560

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1567

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1572

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1583

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1921

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{83185dc1-d5da-4e53-bd8e-c26f6dcdd0ea}" 1590 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2039

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:2061

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:2066

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:2070

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
PID:2080

/usr/libexec/gvfsd
/usr/libexec/gvfsd
1⤵
PID:2087
- /usr/libexec/gvfsd-trash
  /usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
  2⤵
  - Reads runtime system information
  PID:2112

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:2094

/usr/libexec/dconf-service
/usr/libexec/dconf-service
1⤵
- Reads runtime system information
PID:2104

/usr/bin/nautilus
/usr/bin/nautilus --gapplication-service
1⤵
PID:2109

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 22702 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{93ca4700-cfa7-4db3-a518-4742a42aa200}" 1590 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2121

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 22454 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{db22c6eb-85a4-496a-9620-ec377ad3564f}" 1590 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2147

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 22836 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{05724b17-f0b7-463f-b8ff-4469c762fc78}" 1590 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2205

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 28854 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{2852d579-1223-4084-a75c-efe6d558738a}" 1590 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2230

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user

Filesize
2B

MD5
885bf69dc0168f3624435346d7bf4836

SHA1
167d40b282fa3ab3a759bebaa971561c07cf03f4

SHA256
319d204b93d0584bd3aa878e2e07d51b06fe3e1d4396fc3293e318677d335524

SHA512
a502afbcd9a91923f6803c8ec1e299d80789ff1afad9288bc47f3b599030c2f642409b6b7869e05057b7916e028594260b0e27afff88b39c7d3550038d6fbfda

Download Submit
/root/.cache/dconf/user

Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/037778A55E1B7E9BED3390289866D09402D6C913

Filesize
196B

MD5
c35964307be7520ef9139069cb0a1999

SHA1
5f4d0317ae02425d3baf934138ce6ae30752e1a4

SHA256
85359286195ca97c96e1729534ad6d0ca4a4d340e06089d24323081c1c7245b3

SHA512
f6dc8e2b64ccff3bb9fb06075caca26ab2c5de03a957a2193a77f1d4a2f17e89d044f4b9aa8ccae09a0c919f5bafbb590b1661ef69d193a9537a9c3f4119924c

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
63008f802a69dc555fd2243db4d361cd

SHA1
d94f19292bc2728972040a91ac849e66b9801bf2

SHA256
f4c33899d802b2c046b4bbeca0fbd8d2304c882d01cfb0867e4c4963c3162fb5

SHA512
e6a1539390d3cea01a6276a453e36c025db496dcd54062e3299a7d754b4606e3fdc4d12897c9c70db5c468abe7c28f821f1dbf7aee2497eef4b9b8c3489b589b

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
c813d87a63447dac0662ef6462480760

SHA1
3e36063213456547610c2c7f47ae620b7cffcf8b

SHA256
021cee4fc88eb01d02d06230aec3fd695c624142b5c467a7259fc3f68ea9870c

SHA512
aff9df6f1f7c35ae0919fc524b3c631f16ef325fe744037038b0e74d09079db8c9712c1b17ec38d46aa2a9976e230d5cace26999fb66a015aea8a0a412c1b64c

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/039090029E64BC91E87E77199A6A6BE11FC39B6F

Filesize
142B

MD5
dbe4073f119af9ae9066eed6c6fa6ffa

SHA1
df11483758e76ce9ab7b58840b0da04ed0eb780c

SHA256
58c7e04cdc142487aab062cc9e106ca1a425a8efbc409e9bc3d5b0ed43d551d9

SHA512
977146098159f1bfc0eed09f5bbba5e1d6f97176d5a85e799ac67ea877a2e914b22c58fda008e1f7702754b049f18fa04ce8ae941cc8fe57c349ce24c9afdc84

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F

Filesize
102B

MD5
b01124751dbf1bcf645d21b247597e4e

SHA1
219bea88a2f00288f3fd447ab072c3d64f3ba287

SHA256
0762c338b58d9fa99d23ed58fc83cb0f9c0ed70a0b08217370211b227adaf6be

SHA512
8c3d161fc60396546e1de005028e509f795666c726c2cb4eee9e20b4c92a6dc88f88e06212de6c29bc9502e73f602a0925eced116defa98263b70c50f0c6f3a4

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/1611007487CDFCDB9FE43793C68D8984CF7DD7AA

Filesize
9KB

MD5
67464a674332a40fb12a7a70e551dfac

SHA1
aadeb55fa5303edecb163a8c8ff42a0930c67e06

SHA256
1eec598da67b4c4ba5c90cc431f4c16a0ac1dda1c587bba07d8b9f1ce1b1c9a7

SHA512
20080c6d6227508990f7faa19badd81a5564bec5a39ad72aee72c77758663bd75704473c74fd435aae6a001d37f6708f21b0cdd653e0ef596e7457075e8314c4

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/1611007487CDFCDB9FE43793C68D8984CF7DD7AA

Filesize
9KB

MD5
a5998bbf9f3a5a9ba95cb2dc2b44e4b8

SHA1
2db863e5dafe74346a91a838f0e3aa87be67fb71

SHA256
ba4e8099cfe8d29486e75c280aa1775d305147e2b83049964f0235f3f56bfec0

SHA512
da695bb04daf15276d774e81f75962297fad3bd8c2d652633dda22a216c3ab90cb7aca4b166387a480e04f461c7feb43e872414f1dd7a2a23406190e7354a73f

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/298D53A692BA41D0C5CA5AE0806650D73FF83365

Filesize
185B

MD5
0dc7533d14f2123d758e7dbd7f1075ab

SHA1
0e3c46ab8df571769a275313d5305ae988a6f6fa

SHA256
d92c60c6a3fb632782d86064184a4dd1d3edd01bc236e04107588c352e9ce942

SHA512
10b4c6c8c64c1c40eab5e29b7c415c93ad742970d6516de1b2b750888b34d7047daca0a9e6aa65d81f9cf9ccb02674473f57fbc1960f5fd0d0358b2b5de1d807

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/298D53A692BA41D0C5CA5AE0806650D73FF83365

Filesize
9KB

MD5
eb140c6c195c543b9baea45220f7cd31

SHA1
af29cfa6f693931b88be670bbad2a09d7fb0340a

SHA256
0fb60bb56c90d77792b9f5e7c9393036208e9c7d1599702ba0066233a559338a

SHA512
ec0039fbef614dac452c24ebefa2a2059f2b1ea050522f9fe835cb2bd8e1cffa8c2448ee1960478e1431156c48ec8be89c64dae966d5bc4dfec0f6cd8cde3943

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/298D53A692BA41D0C5CA5AE0806650D73FF83365

Filesize
9KB

MD5
8774f6aec430414959d5072498ae0613

SHA1
e6b7366a62f5159767e26b5d0d7755d5e511e1ba

SHA256
93614a058bbbaa9e81d5e9400536cff33c1fc466ca865dd5ec0474b2e24c863f

SHA512
a342cd754aca8e11efaa5ebbd7b945f23637062b860fa74a3d8635764e0f0d343e8e0bddfe60313b52419c8438d5cb6899309bfd57ac98dc10bf0d61099d9d71

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

Filesize
13KB

MD5
f3896f27ea41ebc5ac0c97f016b38ab4

SHA1
cfa3b268c29afb9796fa3e9d27a249cabf7b7b0e

SHA256
72eb4d7e59baf34add9ea9175cce2633e7a98934483512c920e2d11cf0e949bb

SHA512
32ee80c24a982608305ea17630d3f9cf3fdfadd844b984af94d8a90726f268b27f167389ab52ea693df1da296eaf779c0c491d1f6bb1eecc536583604df839de

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

Filesize
13KB

MD5
da63e882aae815ee7226f6ebdaa498aa

SHA1
d1661bf4aca066878c594c4da14c58b40162452e

SHA256
bf3d7a98bcdb447dddacd2032f008787cf2d59f9155a37cd4e8813828bf1c5ee

SHA512
65c556540cecf8c614a5ef91965d52d8f6659864f40b9125a132a962aae0abbda1e2324e2c420a836ec324578529bfab17f871359d8bdb23a5640f01e0c1a1b9

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/6936AD44BD712B23BED7CB887B871D0AA15D4D34

Filesize
99B

MD5
fd30ac58349ce8b9ed9c7cdeb9e48470

SHA1
76e4d7fc6236fa732e102cb3dc0bed4b05aa8cf2

SHA256
49fe09272b511e5f86b3ca9e21d2ada078dba373a83efaced4879d2a7949dee1

SHA512
9392ae1b255aeaa68aa56b485c30863fa4cd379aa6bff3995817259e92d040a8a93ef029d1c888521556606d541b6c5e29ab2db2d26976ccbcfbe404b8337d44

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/6936AD44BD712B23BED7CB887B871D0AA15D4D34

Filesize
99B

MD5
480e8663dd8b10411adbab32732f3966

SHA1
d795230bf2a38a76a51d379c8a3d082f780b564d

SHA256
21224790097713795f0705661c1f0e8292cac0b28c98e841fefcd31fa8618224

SHA512
208d515c82ffc62d681ba1c1d0f6a04d7b6ea7cf905ce9fdffa47b88499ace18d6261ab3afd2d90ca81b645352d69d0c3e0fa4ce4227bb3384b9d07ad7347a24

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/8AF5D98EA49BFC5F75DBBB8CBE9CADF11B63E0F4

Filesize
165B

MD5
d77fff86bfbc5ae0086808b512854269

SHA1
6733aa7f4560356c1d5aae24ddb15ed9ce87222c

SHA256
9a6bf4864f3c9fd63b0c5fbcef0583a15a85db24106a8cafbf2833fc4e91a616

SHA512
5f051f40870710c3834540c976ea8ffa0c5f4476476ced499999d20bac162284a2a8f1d49531e810d55d35145e9f787b74285351340545424030752ac6b56379

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/8AF5D98EA49BFC5F75DBBB8CBE9CADF11B63E0F4

Filesize
10KB

MD5
397f987a9ee67f479d3cc546425f8820

SHA1
9095baccab2d0ee32bf3a0d3fb734065aa2617de

SHA256
c1c09ed7083f0864cabef0e897406c9674daaec5d4896d58afec487c8023ed5d

SHA512
c146b5722231909804f27aad0c711afd1face7be7780567f756847a9d46b6aee5ccb60fece3399cc2382e558e1c2a01a60b6e01ea6fba352fe0bbd4cc627d08d

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/8AF5D98EA49BFC5F75DBBB8CBE9CADF11B63E0F4

Filesize
10KB

MD5
c2a8de8eaf8f8b601b335a75428c8f98

SHA1
fb54a2dba2dbdaa80e3bd5ab0c2cfc33a79e7693

SHA256
61cb74bea98b80a10a16969142ac3915f3432da3d337dd55fd39ed2886a19de6

SHA512
42a874064307994c3bd621e2dee492b41bf8a700a76f39f11ed69655ec573fa60e1daefb0b648a59334ae0e501dafa53ab73a9a7cb17c65023407c1d3dd8f2fc

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/90E321EE94230DCDBDCD2EC0B77C695A4FC21F78

Filesize
9KB

MD5
286f72f30bda178628c7f7953675fe59

SHA1
6183cabd6afbcaddedf59a4a2390583994ebc2fe

SHA256
4d8591001a718a0bcde3a6307f9dcbe9c2e62268a622df02d54048fd1f87b856

SHA512
935daad2cbbc7aaa13418a962027311c0b2f3a2757d2c5f35b769d5a319803e40bcb8c1d4891d0bcd852e1903e3eefe05c64fda36d3ab3d3a84db087446b22c4

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/90E321EE94230DCDBDCD2EC0B77C695A4FC21F78

Filesize
9KB

MD5
f37568993a5045a1a7833ad5f82cef43

SHA1
307d908373398aabca300942f70c66072723ceab

SHA256
7697dcfe03d1789ddbf46821d10c86f7ae1f1ea56319bdd02c9269f8a6084b72

SHA512
4512c8c55373fdb68f939f67a0cda32575590ce2568880e55a770793920d2fa5d3c2c6f6837109781ae82e648928f43a1ef29af366a4a438c54adc35a6b7f8f7

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/B0AF89EEBFA523042898116CDD238A66AB2D8FCA

Filesize
145B

MD5
2c424e4448f4e811921619b9ab870b84

SHA1
e4bef03c703e2a95f7f8bfbc8011095059378c78

SHA256
c1c47d036f9481fdac5625ac9cd619862353240626258e2336bb718cff5849d7

SHA512
38441cf33c03a3f46936bb8264108b5e53a715f34586af1201b713db9b392ae72ae58595dfe816499fc20c2bb98ceb44c3c9d77b9bee61fe6091ab12d8a244cc

Download Submit
/root/.cache/mozilla/firefox/h3gfden5.default-release/cache2/entries/D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
52B

MD5
c199b741aef8c0309f6ca00eed5cdcdf

SHA1
8bc024fd2860561735b18f0ad160533c71067e46

SHA256
d85691d6b765346a8b7cb0057b9c365092c60c9d17a58dd528c788836f1b56ca

SHA512
b0bf44646381dab396d7b1bd1b6280a4199dd28fae58724d270bc1a001c63facad3f52a10c8235c2480c4ae5c2d141092f63e837578392a63c150425b5284c20

Download Submit
/root/.dbus/session-bus/4816dd152e8c48ff97e9117d197c13d8-0

Filesize
466B

MD5
298fd5fa508ef31efeb72a93b942fc1e

SHA1
999ee393e04a3c458e24b73497a2d687fa3c9d5e

SHA256
d42c24d03424f8d6d85c8e1b4077a9cb8bbb4ca894bb4927b999c0b748616bcf

SHA512
67d9187578ff40c81b2b5ad209a7250dbd1bb20fa679149bf18cbef4b5491b8b37c431252f1be0df8c9b38462eeda48e8d6904cda15f6377fc5e4b0897082e03

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20240108143603

Filesize
10B

MD5
b6bafec45076ba68639f318042c6c9c2

SHA1
a4afa962815e86fa7ff09b256c28c836673dedb6

SHA256
4962e80a028d46a18d7b6f9322409c7cf614422cb863f20feb08c423803da6d9

SHA512
15ccd9d84d57b9132e0fa2c831a8462e309a74cd5aa0b0e78de28a9750b10b1f4064e0f0fb031a26680e661366ed2cbe8fe63d456cb4b3837f83ad597457ad2f

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/cert9.db

Filesize
224KB

MD5
6ddc27beb6ac7ee5536f5ebc56e6b619

SHA1
2117070d0044540749f46ec2127e124994e389bb

SHA256
1256f6342915815d56a922b35efcdda41d8bde201672dd8347727ecf3ea77070

SHA512
56b2b255b0fb35e5b5160de06c7770952b032c198685eda1f0b4545f6b0036758ad9484fe953fdc8f55f89fa6b6472426193f574ffdf6d4e099c3760e13ea9e7

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/cert9.db

Filesize
224KB

MD5
c69e3e6572cf6bdff1f2bd345e9f94bd

SHA1
572c6cde51a5389a3997ff1a3bf9245964b67047

SHA256
5c551694f4c99d2f365d52e85869789a082f3c353497a6390982913cc6ce52c7

SHA512
5736b1581821680de1aa0716f7f30934fb523958ccd7d1f437beb877d68596ec81b6696f36c5c189ac5a3ff539a73efc8daeac23ca6253088a758b4ab6cdf281

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/cert9.db

Filesize
224KB

MD5
f7ea2a25fa355fa2b5aa4e732b2a803e

SHA1
f7ac817ae36e9266c4ad588f6db5addb54fd8be9

SHA256
d6a4ccfcbf9e6431e34dbdd4990ec642ea3eb63e31377ce30dc1d2df7e53e831

SHA512
bc9c7db98a6968247f07d8b08a046a608887fb7327c3ddc54e066e3d76865d9f270ec3f7ac1bcbb29e4f6465c618bfcca43e4041d2c88e775a315e84806269cb

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/compatibility.ini

Filesize
163B

MD5
2d41a6f5736821b90ef44850dd3873fe

SHA1
a47c4bc1431234a5b58e460ede5b571acd38e562

SHA256
b4bf5c8334f6db20ae94105141ae7a721342ddccd94ec65289dc291e76a31814

SHA512
047a1455211e7aa29ef5f32f07c89d8a0c8d86d871bc664e4d8958a2a014dbe32f0613cd9eb66e7307c0e2439f74ca0b829652a52fa48e8c60d64b41f69914eb

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/content-prefs.sqlite

Filesize
32KB

MD5
1c7386dfc5a5d7f2aa06cdf1e2b280a9

SHA1
71fd6c476cca7d5aaaa79f1c535346b6de20a448

SHA256
f2793a25bb1c364f2589a7b541a5873f8e5e192ff39c1fcefd786e1c23f1c5c8

SHA512
378d36bf3054ffb7b664bcb4d0e38b546b684ce4436c247674ccf621ec2f9951cca73f55e4c1f496a37061ade6065fd315878aa65d2d38c09f8f6a0cb768d978

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/cookies.sqlite

Filesize
96KB

MD5
26ff39b359947b71a5fadd950fac34f0

SHA1
66e5830e4dca79225f41adc13a077d8e5dd8084b

SHA256
aecbaf3e1df1332d4f14a11480db712eb4aa91581eb4e942c580bf675f592a45

SHA512
7fae7b9ff4362e12f00acdc898f6f679718bdd28dc959684333086de7bacd162338dc266810f9f3f6dfa3dc228291efd6bb325e2e8573ca0e6a699059a145f11

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/cookies.sqlite

Filesize
96KB

MD5
102a8b6e82208a1b69224bdca8a5b10f

SHA1
8413dc3772127c4159e6d6b51372990a06b805ee

SHA256
5ebf89b32937916a76a8432832040cf0f6b99c2f006cc42f856712d403ec182c

SHA512
49c5c27c6749a7a73b4b944eea64ceb053a272619e6319bfd433ffbe126c8fbccc110961018165a4c7de781a86cf38d2bd9e52ec71b10bc73c9fd05fe841a46c

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/favicons.sqlite

Filesize
224KB

MD5
aff3f84fda6516b87050f171d68531ea

SHA1
6b82d182412601c057bfc591cc6b9a8932c84c73

SHA256
5203714a71df85f81969a193cac50befa4b1e70841b9b2d3ea348d3b99657172

SHA512
aacbaa66d86f8b3f299cead818a0883bb900588da822148b4ac7543a0fa4ee399c14a69534ae55bfd0e7b18630b93f04e0e0174b7d586e0d536c20760b5d65d8

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/key4.db

Filesize
288KB

MD5
ba1bea551d0dc5112e49fb31c8b240bc

SHA1
d28df3e44c9739b92381682f3b64a81a592101ff

SHA256
d8590f7c6d980084cab968632753c9af1b7fba80b81aaa1c88f18efcebcafd8c

SHA512
67689b15b0e3883865b86ea821a520079e13e93e7c7b1db41509b40423f43d60789aad8e913ef998fe4d69bddf5f5175bb12a4634ebf82c627fbe54669ac4433

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/permissions.sqlite

Filesize
96KB

MD5
652770017ccd3217c70066cdb7213d35

SHA1
61bcaddfc3b435b399490896b7d6055269ab6653

SHA256
660ccd2cc3805ef44ddd244134e82179df1708a253571afb5062d1b38939bd9a

SHA512
db4b111d760e1a67d63248a677e8487a2ecc31e89362641bcde5ef1d8bbf893b57ad70922fcebbc961d686520361f5bf0c6b7c217ac1b9164e3d275be2dc9db1

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/places.sqlite

Filesize
32KB

MD5
f0a2f3f9a21bc84758e705a9e81ad0c7

SHA1
1205454d83f971fb634f03802f5eb665a3ebb06f

SHA256
d13ae8a09a7d541b30fbb9d672ddcbe0a951160cc979fc841985176de393619b

SHA512
e60121ac23f763d306cda7795cb43e7b0ebff54bbdba9228408a92be7e94d17609f0eb5a7d9042e6afe4d1c0efab98dc7c1c993bc16ff4551a3826b088e91660

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
1KB

MD5
daafe76363ea7f3acc5fca215ce4bfe5

SHA1
f699619cf1bd4386b13f456801109bf6c6be08b3

SHA256
0b1f6fac4b31851a97e44bd12dea961bf7aba8a8da49e85037b2391b60aed8e4

SHA512
1d4e465f2e2982ebd352c5c57cd506d46dd9cc438865e6ca4b3447ff3a4f545bf089dc54bf83645534f936e663e9b89598070b7e0a37c4830814eb63e9f3e471

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
1KB

MD5
24e3edeb3c2a4f1c35938f67b53e477b

SHA1
00e18299dd4d7066054c1a698b0624e99b951a87

SHA256
deb60d4c335b2152e6da551fcc1d6cdc287f75be95a80c7b15bd84b7cabd025b

SHA512
e3596741154ee77ee16c9c9119dbde344fc65f5ad3c87550efb0e8c2d4424a35da63b6088be10430fad48624730ad12f7f30b11dba94bd48bbf7662087d7c54f

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
2KB

MD5
6187a85b72739fc07927ab54f874430d

SHA1
e156b47bdf3db55c56e3f29e83c878068672cf48

SHA256
b74de7db35b9ec02f0322df715b0f1d6d7f2d310b032346b6339ddf735801b1c

SHA512
7b92992ba4277c41df8eed9b10420b70f3ccf3f09a7209896ceaa11bd226b9dd69a23d1af07fee9ab98a5f7776e1a8db0fead697eb5589082580227267f9a00e

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
2KB

MD5
b005959fffbbefc7128d15bb2cc772e8

SHA1
313e46dc52895bce1bac66bf76fdb9eb8abfb83c

SHA256
4cc4f15e454bd2f85e16c12ed8733d0368e11a667e7e01d73f032855a35653ef

SHA512
2648705fa6647ef2f836572d63a4cbbaa5c2048447f51a41674f717afba68e61156b3b73027630c94f3253a521bcf3b0e59479d659ddba90c7aad60111fbc004

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
2KB

MD5
b6d9334fb3566f3dcaa83b6e0d529e33

SHA1
d5b110560a7b8dcb8ef932a9d268aa427421e90b

SHA256
5f93a996106cb42857221a8cdcd5008186f3c5e119f02bcd3cbfb39211e0ca51

SHA512
13df9d6c81a5d0c984fe9e77409ceaa2b065eb135c8c693669e0ad890559b6bb8029ae833b7a8a7c3ea7b25df20cdf85f468201e376b902b7e749db6adb89199

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
2KB

MD5
7e6be010f0c6f2cf65641a2bbf44abf5

SHA1
c764ea3adcf2015eaed052a1d23a94e72da48259

SHA256
9c2c3257535f4aaf4ed67238202859b944b5aae2179f5c8a70442103e68d9379

SHA512
c765a1331d6c27d099fa66abaa57ca14fbb78d15533ab9b5e391fc6dc3dc4b650f2fcb95e2930cfdf5b528b647e74ab51c587a4bb834abd229ef089a353f144f

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
2KB

MD5
a4efdb2ac32b6518c7640ff9f7588911

SHA1
13dc9ac5cd6f66fd72ef180352d4dfebeca78882

SHA256
913e1a1cf6544f22da03c1679663b5701dcaf60c12756377464be18f6b7a2f93

SHA512
4e95d35f84eb11e8da8cf4fdcefc1a11e947350524cc86c0faecd3410fdd07638c738d80b6246d61dbfbf1cfa6aa7248802f94ccc0bd684784ae19b9ead49117

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
3KB

MD5
1efa674c415e38da59aeba35690ddd33

SHA1
e2b372466edb71b71442849df9ceb5189ce7f19c

SHA256
e34f41569916047f9407a451d83688f72bf1c32b36e6f2a339c9a6c35d7dcac3

SHA512
d23640341ac0d221485fde5473a24fa2e23bbed7fcc70598b257166feb66f83d34024cc9cd4c512550a24f7052e086df4dff98b904cbd555444a46e64119785f

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
4KB

MD5
a7a5c2dbbbfd79d95f0b8624c56ab8cf

SHA1
025fb5b1c4cc4f1800f110bd15758f672cc2fa43

SHA256
90baab0702310aec66c106827b25b76bb5c7d690296d8fe40839acfdcaf68d8a

SHA512
a2bb91267685e46db4d367e18028e152589f56c94e5595a6bbd5205450023a39b9fae4d41c63d71de76eec28063732fb5ba78d0d89f66f7308752a36809b6cef

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs-1.js

Filesize
4KB

MD5
8393c7bb1666714919e06b76bbe3d571

SHA1
1d488ce71f83cff0339df7b5bedc04f17b1c633f

SHA256
99140aa629543d755dcf52615b1f743387a4a9893f99cb434e70c817198b2675

SHA512
8bc26ae596534d88c47671f6f825f225231f43e91aecb00fa582a2e648a1a930a3892bc6e626b438730baa99983cc02ef536cbbe5d95428d596717d9d20f3a76

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/prefs.js

Filesize
656B

MD5
8a3fb2ff88ed8a97c6528a1559029043

SHA1
77fb453528520bee52bb4369fe541d7b7144f64c

SHA256
e1ddb5045ec6fe75f49e0d3fe787eceab8ec3d934dd50825a2cc8546ad532e0f

SHA512
06754a0d62cdeaad085cb5b5ff834999c77b64738093e4301c1a9c29042292280b531856355a96c56fb5eb9a3729a09319fee9de4b1c95748a9616d46d695439

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/ls-archive.sqlite

Filesize
96KB

MD5
e1121e3dd3c8a9c384f879bdddcff219

SHA1
625f25a1a5ff8527ab3105636fa7aecb9affd234

SHA256
766b9f50254b4e5526b0cde2911512956262596d8937f8630805d3c70802a066

SHA512
03e1cee2e75b2b609b8344a40995de09de837e940d2012f2fea65d9c70eecbcd3345b66b852f32211b38b06a4370f06f02ca7521e29e7113e2e12a6a7752be31

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/ls-archive.sqlite

Filesize
128KB

MD5
0d2b18bbf091633c4fe1ebdd197dfa15

SHA1
c150dc37042d92d30efed6cbc1b536eb66ec1a3e

SHA256
fe63ee867e0f229a0bcc48b771afeec394c362ac6d0c2bd6907c7202097bd228

SHA512
59d202bfaf236bdcfc05a3e148a773d15a3bdff23be26fb2cbfd059fee6c4a516c7a59de0a3bc97df1419c34464e1346354979ddda1062101121522f22d8156d

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/.metadata-v2-tmp

Filesize
36B

MD5
06bb95ee6d82f9059172d0a836fa6ba1

SHA1
61a6b19576f355813d140618d8f224bcb4358f48

SHA256
96117bf4e0fb86b3412e00a3cb91f6d0d2aa5acfa62767e839649f4b557c0530

SHA512
382884309716be7ee180bc0adfde65eae53c45246ab07a2eef1aa6f8c0a9626ba892c1998aff287e51b27d430aafd626ba2a60a218236b9df0ed172a086fceb3

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

Filesize
44KB

MD5
488403dd59d861961dbf2e5317cc6e55

SHA1
bcb13cf819bdc370762237a075f14a9be0728a50

SHA256
8645149962df6c816291521b6cb45e9acf79da6bdc3a727ba00c71eb720de4ef

SHA512
4e60bc58fdc1ffe3662b83fc9af3e0ec5af90eeb25da8e60a70717e3588676e135f6cc5a8d57a37c2cd2ce3a3661e665e2688d00799dd834945d5f0964750805

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

Filesize
12KB

MD5
b5e854552d61f189dd0ed3591df044d1

SHA1
4b342b9774e15025259ef0f4526f934a3a690ef9

SHA256
c47b86558d095158ce7ac1a9d9f6054b74f42b8122db7395aed4b832c700291f

SHA512
b439c67c5f453d45a9326cd9c2df01debe3c8b1fba47d3319dcbeb442ae2d5e24f487816ce10393fd32a5f0b7b0128c3ad526dad0e1c32b845deed2e4bb2932f

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

Filesize
16KB

MD5
0784c48a7d01974b4b1890a7dde8772a

SHA1
134febf504eaa914277ccb5f35f86a44b6aa1739

SHA256
8d73cfd83b815644e0cc3b049331ebe312ff230ec9c7e5c02a3c73ba8e4e5a6c

SHA512
b9371c176378524d74814e321373b64f7d66978bc781c28062e21664a9dfaa8b6c4a90ab59ccd163e1800a843d1361a9a52c8bdc0173321454827b5a19f17cab

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

Filesize
44KB

MD5
f1cd629017b1fe58fc80953ebd4754b6

SHA1
01e02178484458797c2b682325b26b2633fe8466

SHA256
81bf3da297b9ee8270bea383d9479cd7951e35f552361230358e3a35e1f44567

SHA512
afb775074af046014236a312865a1811de3bfb97f8df057541401867140fcc236259ab237712a7d3bc012ff84cf90330e4e122374cd09c194c4c145f575fb95a

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

Filesize
12KB

MD5
2aedd7ad8365695913bb5ae8fd4944a5

SHA1
c114c43f318311d9df618fd9ca0f61effc34200a

SHA256
5db9fee638b10de95e021f02762473d0888f36704622d67ec29a9ccfda599257

SHA512
4cdda56cd8fabec4fbab2acf16f5ac0e515c747070acebeb01e152a2ffb1c864f1b21ded5ea56ade45c3382bece7bdd9634de8ac4dffee4b1ed707c588192382

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

Filesize
44KB

MD5
1ea539584c41fd171d307fb9e740d499

SHA1
de3d1a3d6a0173bcd30c89f148cd732d0ae614eb

SHA256
aaa3461e12a1343eb5803894e1ef6894014b75b26ef264f29ece30b1cea3aa83

SHA512
22b145864127c0f223522016c6ba0a67e06a36aeba135e546f4d77000f436d5060064eb988b7aafdb451e39f70d0afd20313d15507dd531234ac25d60e9d935c

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

Filesize
12KB

MD5
dd854110cdd33e564bdd672cda8154e2

SHA1
bbc317a8a832f10ba83df08d3611dd2ab8ca174f

SHA256
6c225d7372c9b057ebdc72830565385a8bd7e256e456e5a4afe990700ea489c2

SHA512
a5dde9ff1ec220698e5a59a1bfe46000552f30bc12e3cebbc9a269756618b701d93cf8274db6736f914fcb043b6418a18cd8aceaf1b625c9d0cae42c4dc3f2e1

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

Filesize
16KB

MD5
e73a8e704905f655eaae7020fbdd1842

SHA1
9934812952de8d70a48ba4f164f4044058727b2a

SHA256
295b8b057db27e63b337b445f70404f8cd5471915df9a8b6a778807fb466d9ed

SHA512
7bb780575def3be1b3149dc9c33f62717988e493adfe7e870a502ce0934ff0ea8ee7bc984ce56b42829df41012814251280da5867cc31870cf4e23fbbd8b31d6

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

Filesize
44KB

MD5
225fe36c4bb990de9670b27368d655a2

SHA1
1dc382bec9af9b4bd0308dea1908ab6933834828

SHA256
2185235a458ef8924a1370bb956dd1d65d1f7bbffda08289275e072b65d5d1db

SHA512
11eb31a930a336c13869b0d385df555d7fba32ecea26bf513398dca2a35439643b0896a94c4696ffb439eef18b7f85982155dd12beddef784fe4ed1e86d2d1c2

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

Filesize
12KB

MD5
09a0260dc3a2475cbb3149291143b090

SHA1
cc5bdb01b5d4ea53b49710fce5042f1f56ec701a

SHA256
6670f82c140d794facf6f8fadeb7487959688991e55cd7745d50ad8b49889891

SHA512
a53f13000cd3a0a8283a4a70a6b35ab90c8a5653e740e9ab784c2412d32a5de99af9707f3d439cb511d947aefe2efc9457973235e40f09a22d9d21d7b8a9ee77

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

Filesize
156KB

MD5
0557378b757fb52a84e8071a4a961ffe

SHA1
fdfd7158755ebad1224ec3cbf84583262cc17e8e

SHA256
5cc0314b09df7ff61d47bdcea941cefdadd8baf18fb6f86ec50f9dd0e0b35541

SHA512
d0917c328c46c524432c4376a27de724ce1726ddfca59eaff9c03f64fcb0f6149fcc346a7893c0ed19c99fafcd09070b4ecd53b5929cc0bbfb16ed1131a2210e

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

Filesize
116KB

MD5
bbe9e4471c97fb1b270eb793922a00e8

SHA1
a1da47669a2b512be64ba97e8bbd587887d2c24f

SHA256
dedbbbca17668696789b6525ec93fadbb5731e96df326c7d84ce355fe0ca1bac

SHA512
1df28b24c05bd0931c3fab72bf6283d4a4df4253bd28060bf9abaf8fa0b9fd91e7790c28d7972287ac82a1bf04eecd3fab8acdaa26dfd394b3493280c7474f1d

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/times.json

Filesize
50B

MD5
d50c843ded2c10c166daa1737df7c3f1

SHA1
da3600d4835c7a88bc037565000a265aa618ace8

SHA256
73bfe6b117b791d181fe2af2900cc6888bc1a4a601ee4a23b1e09eba019e3b64

SHA512
bb136775aba328b6838991c7a57c362dea92088142e9fab9d48793417fb71c1e88f2714cbbbf7dedcb8e22b9e19161babf70e942f1f90d7ab163ce9c7e08d628

Download Submit
/root/.mozilla/firefox/h3gfden5.default-release/times.json

Filesize
47B

MD5
fbce253ab1706cc40149bf4ddc173d15

SHA1
fc01e7647eb7d92983c50070b6b394f1e6077316

SHA256
0909913e0fbd3501eeadfb17ab3c29a0f33f82211c6cd0712165c78fb975ee10

SHA512
020959d5c90f83553d4b5f3950409b3019d0cf1b9d3ff4f66d2e4fffb08174eee339595f0352f3f0e852e13c8c85d60cf12c11fef5076e1ccedc8cc79a918baf

Download Submit
/root/.mozilla/firefox/installs.ini

Filesize
62B

MD5
55d7db9e3423fc350ffdb2f285fa89d0

SHA1
7a2bbd48a0fd6189c19cf6ecef9593e767e1fed4

SHA256
640ef166554e8c4c657d6db7191f2a92d7ba1620734e05179e217af9980cc7a5

SHA512
8d1895fdd3895f4af7bc1fca8956413207b313d0b22849eea5180c11b3bb9eeba91ad0837e281b6d6981325cc173d459290ec569f3464d204ab07e43ac2c7065

Download Submit
/root/.mozilla/firefox/profiles.ini

Filesize
259B

MD5
e07a460e0a557ebf67002f5f481bd01d

SHA1
f6acebac09411bb53194b14170488af93752ee0a

SHA256
c21b259607a9ffc1b31e687623e0f7f46beaab7e480428909301a0e1777ee6ec

SHA512
13d13ee04c2e58c418707698fc2dde3bab760a7ba744d7aa139ca6a6c9b188e8a58b7ae013587270a7a1782e230f93d16be5c80954db02b61b3c78b847b0f609

Download Submit
/root/.mozilla/firefox/z0b3xoe1.default/times.json

Filesize
47B

MD5
55520627392ecad163d4e66f4826a0e2

SHA1
0ce7cfe077fc652e022a65a479df35a76ef8f819

SHA256
8a4e9aaacbced574971953dfd05971aa55c35e4114cc95dcd10221962923682d

SHA512
79431e972f9befc30a645caf0c39c18df91502f38d5bed2d729e3a02781eb1fe20feea911457a3875ca64416b4dfcbcd2d32cf1eed654ecadeab9cc93594b4f3

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads