Resubmissions

23-04-2024 10:15

240423-maftaafd86 7

23-04-2024 10:13

240423-l9k2lsfd75 4

23-04-2024 09:34

240423-ljtwtsfb98 7

22-04-2024 04:36

240422-e8rpfafe95 4

22-04-2024 04:36

240422-e8epwafg7w 4

22-04-2024 04:35

240422-e71kysfe85 7

22-04-2024 04:31

240422-e5nhlsfe48 7

22-04-2024 03:44

240422-eajk6sfa85 4

22-04-2024 03:43

240422-d94vqafd2z 7

22-04-2024 03:42

240422-d9vl2sfd2t 4

Analysis

  • max time kernel
    3s
  • max time network
    25s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    16-04-2024 05:41

General

  • Target

    https://www.google.com

Malware Config

Signatures

  • Changes its process name 64 IoCs
  • Reads user data of web browsers 64 IoCs

    Reads stored browser data which can include saved credentials.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 11 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /usr/bin/firefox
    firefox -new-tab https://www.google.com
    1⤵
      PID:1578
      • /usr/bin/which
        which /usr/bin/firefox
        2⤵
          PID:1579
      • /usr/lib/firefox/firefox
        /usr/lib/firefox/firefox -new-tab https://www.google.com
        1⤵
        • Reads user data of web browsers
        • Reads CPU attributes
        • Enumerates kernel/hardware configuration
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1578
        • /usr/bin/dbus-launch
          dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
          2⤵
            PID:1586
          • /usr/local/sbin/dbus-launch
            dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
            2⤵
              PID:1630
            • /usr/local/bin/dbus-launch
              dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
              2⤵
                PID:1630
              • /usr/sbin/dbus-launch
                dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
                2⤵
                  PID:1630
                • /usr/bin/dbus-launch
                  dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
                  2⤵
                    PID:1630
                • /usr/bin/dbus-daemon
                  /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
                  1⤵
                  • Enumerates kernel/hardware configuration
                  • Reads runtime system information
                  PID:1588
                • /usr/bin/lsb_release
                  /usr/bin/lsb_release -idrc
                  1⤵
                    PID:1601
                  • /usr/lib/firefox/firefox
                    /usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{9c3f8564-522c-460a-8dfc-2ec370245f1b}" 1578 true socket
                    1⤵
                    • Changes its process name
                    • Reads CPU attributes
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    PID:1614
                  • /usr/libexec/xdg-desktop-portal
                    /usr/libexec/xdg-desktop-portal
                    1⤵
                    • Reads runtime system information
                    PID:1633
                  • /usr/libexec/xdg-document-portal
                    /usr/libexec/xdg-document-portal
                    1⤵
                    • Reads runtime system information
                    PID:1638
                  • /usr/libexec/xdg-permission-store
                    /usr/libexec/xdg-permission-store
                    1⤵
                    • Reads runtime system information
                    PID:1642
                  • /usr/libexec/xdg-desktop-portal-gtk
                    /usr/libexec/xdg-desktop-portal-gtk
                    1⤵
                    • Reads runtime system information
                    PID:1653
                  • /usr/lib/gvfs/gvfsd
                    /usr/lib/gvfs/gvfsd
                    1⤵
                    • Reads runtime system information
                    PID:1657
                  • /usr/lib/gvfs/gvfsd-fuse
                    /usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
                    1⤵
                    • Reads runtime system information
                    PID:1662
                  • /usr/lib/firefox/firefox
                    /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{4d77479f-fe83-4274-85cd-6b3f6d873494}" 1578 true tab
                    1⤵
                    • Reads CPU attributes
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    PID:1690
                  • /usr/lib/firefox/firefox
                    /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{a849ac13-83bb-46f5-8e84-3f7c290a3142}" 1578 true tab
                    1⤵
                    • Reads CPU attributes
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    PID:1712
                  • /usr/lib/firefox/firefox
                    /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{d694d9ea-0ea0-47b0-9644-dd0d36b037c1}" 1578 true tab
                    1⤵
                    • Reads CPU attributes
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    PID:1740
                  • /usr/lib/firefox/firefox
                    /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{2752fd1b-37ae-494a-8226-b932610affbf}" 1578 true tab
                    1⤵
                    • Reads CPU attributes
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    PID:1757

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /root/.cache/dconf/user

                    Filesize

                    2B

                    MD5

                    441077cc9e57554dd476bdfb8b8b8102

                    SHA1

                    3f29546453678b855931c174a97d6c0894b8f546

                    SHA256

                    b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2

                    SHA512

                    80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8

                  • /root/.cache/mozilla/firefox/pdnxgwza.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

                    Filesize

                    13KB

                    MD5

                    920773a1db74541a25ddda1b5ed9f521

                    SHA1

                    e797c8526e35516d60f56f3476bd839bc81c2e33

                    SHA256

                    405ba90b4428d0d5f20d1c32cbb695d46e6252cb68704fa269ed036be0dc91cd

                    SHA512

                    748ceceb2c8ab22a0b400fa1644ebcca807a07a16eecd52e06c985a88f791d415e9f380b78531119a6cc579478600bfe0422fa08f2842421c82bff8380aa31b8

                  • /root/.cache/mozilla/firefox/pdnxgwza.default-release/cache2/entries/82F4CDEDC8A08E6BCE520A4114F15825F2E886F6

                    Filesize

                    61KB

                    MD5

                    b0d93b7dbdf9d9b7fb72d1adcf463ad9

                    SHA1

                    1f890da756d413ccee31c7c785c10e44aa55fc50

                    SHA256

                    5ca5c0b226b7161c4d9b6fb8196e0690c4609b779a4e2fcb9617ee9201a59d18

                    SHA512

                    999d6a11d1fc1730b305ce8ec6c60f5f51340e866cbabedd0269e57019fd2486a2e4b8029d0396ef23badf80bea5fca5ec1a8ce88be47f02bdfc3814c8c370a0

                  • /root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

                    Filesize

                    466B

                    MD5

                    b896ba1f9e0cd0553b96d9faf216b79a

                    SHA1

                    a1234c109c4b2fac445fb767fbb3829a0bc8369a

                    SHA256

                    828131ef22ecce82f07bf4d610a53ec29d7048a03ee106bce2d31c800cf616c8

                    SHA512

                    bc0b9a7dbf2360b09632e3d6269786807169e4b0e68f67c0ff008c88a3256ef1043a537fa20710100e33f44259fd6eef6f7424ae305c4cd797e6030c98f3d04e

                  • /root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

                    Filesize

                    10B

                    MD5

                    9361656b4441fd2f18455323efe86f3a

                    SHA1

                    d7ec8cb3b059e1fd7cb4d9b61fdfb4f495454269

                    SHA256

                    6f78c518727cc3aa303394f20009421cede9bee9a1f544f2ad385a3acd1c028b

                    SHA512

                    aa4f2443290d81a7f828faed8c9a64ad04208f400c4ffaf6c46178b1145f255198ed01cb74be91fcd1738e8079b16c3d47ebdf7010e65df0c26d6d7eb956a986

                  • /root/.mozilla/firefox/installs.ini

                    Filesize

                    62B

                    MD5

                    58a99bab861d28aab668c5c9814ce1b0

                    SHA1

                    445954607e68c9265021bb0063a62aa946ab11e9

                    SHA256

                    cb2ed8eff8405d00a68dd76d47427c4c6fafee6f6661519dac57c5b233e4b5a4

                    SHA512

                    e7d920cd7dd8bffc1e88525ff90b46a01128b1bcbb7d9de85f578c9fa98167d9fe82e9b41da6602d5c8a70d3d5feaec2b772737c636acb39390c9c9cba288712

                  • /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db

                    Filesize

                    224KB

                    MD5

                    4afc113b60b83e8f236aed18696fe59b

                    SHA1

                    ea0be784ca2291af98e478748656d68522b2dac9

                    SHA256

                    678839576f8970beae4e03140ae0936b350fb9ca071da374f7174b1944023710

                    SHA512

                    19f6350fd467bb3ce3c2c68eb4ae160185b21661a9e012dded9d0c5bf96b61db68f2ddd603c442a23458e6289a324de43362588d2d2eaa7dd5638d38b81ffabf

                  • /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db

                    Filesize

                    224KB

                    MD5

                    6e0cf61ee6a052924ca6cce451c825c6

                    SHA1

                    be8a46ec15b9dd08194872ec8b9405d01dbac488

                    SHA256

                    9cedcc0d834fac439ab88410345153a99689117c7517c4399f82c61665de852e

                    SHA512

                    5011332e1d9edc65ed7d07251b0005868e4c7942163db7e004d7ac5eb7a16ce820461103686ca700f7c345e65c6b317728a75bdcd914a83c08e361d431edd96c

                  • /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db

                    Filesize

                    224KB

                    MD5

                    015d2b1e82f9af236ec7ed40cf625830

                    SHA1

                    3603af31fc3c54f1f4906963e1105c27a654f8e1

                    SHA256

                    13dda0d2a0fb296d360d03a6736623c5dfa44972d737fef57ad0d04db1656bb6

                    SHA512

                    d18f10fcd34959f29a81e8422f75293d147a348ea1d8ee1ccb0f4618ac20a52f375253aea5976d145d2e22e24b49b9d0f2395db906b1646260bcaf76f633a4b4

                  • /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db

                    Filesize

                    224KB

                    MD5

                    27dfdd8ab91ec020a54e5ff76ab3f133

                    SHA1

                    e3cfd01e45efb693500db78f98b7d71e05e45b8d

                    SHA256

                    53f3af7bb9effbea4efffa3f8b8a04f5c416298ba4c4978b430cdbd82374c339

                    SHA512

                    87d3fa54f8be1e49c84574a4f80cad4db973ccbe0072f8697c81eb182c071d4a97ec8397ffe0bcf6305c374dfae1c04f4387d04a11da72050359a3fc4c3fd685

                  • /root/.mozilla/firefox/pdnxgwza.default-release/compatibility.ini

                    Filesize

                    163B

                    MD5

                    fe452b7294d5928a9a5863b89ee0a6bd

                    SHA1

                    a5d4c245071fa96476ba48b4725bdae7f1b7940f

                    SHA256

                    d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

                    SHA512

                    dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

                  • /root/.mozilla/firefox/pdnxgwza.default-release/content-prefs.sqlite

                    Filesize

                    224KB

                    MD5

                    1fc2e7b7fe2c5be305dfa9a2bbb60771

                    SHA1

                    4967389dea050001cb1af3ec799edb7805c3abb8

                    SHA256

                    1953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a

                    SHA512

                    fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5

                  • /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite

                    Filesize

                    96KB

                    MD5

                    9535f5fe817accc769c2c1d3354db39f

                    SHA1

                    6af62cf08717cf3bfa84eb1a7b311acf522ce560

                    SHA256

                    c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

                    SHA512

                    dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

                  • /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite

                    Filesize

                    96KB

                    MD5

                    5caa766855d5613a999f71b7812d6451

                    SHA1

                    ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

                    SHA256

                    3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

                    SHA512

                    17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

                  • /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite

                    Filesize

                    224KB

                    MD5

                    3c0a1ec298284608bfa51081ea539be3

                    SHA1

                    e51b58f6fe89d45fd8a1d935b51da172d5f6f32e

                    SHA256

                    34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2

                    SHA512

                    8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f

                  • /root/.mozilla/firefox/pdnxgwza.default-release/key4.db

                    Filesize

                    288KB

                    MD5

                    6b51411ad0ea4603003d76967ffb7914

                    SHA1

                    32342e513a6a6166dbb7ebfdd68e6ac652c8af35

                    SHA256

                    1c16f57ef1b93b4d222217e2daaa844bb899044568700f50e0282e14ae4f7ff2

                    SHA512

                    4f91697f69913bdd01ae38728d6bc5f97ccc3fd22ac02aaaa70826d61a65cfd6fa5e4eda54e8e1ab0cc7d12b58cb8b50143e351ca6c990f19b7b71d75899cce5

                  • /root/.mozilla/firefox/pdnxgwza.default-release/permissions.sqlite

                    Filesize

                    96KB

                    MD5

                    1bde978b83f4314559ee656878c81d24

                    SHA1

                    644a6f420d8cf8cebfb084cb1cd11ea6896c225d

                    SHA256

                    7574f7deac57d3ad97356cf77e9193d16f7e4bc497414acd4345d3a9bb34d448

                    SHA512

                    e07aa94f97f2aaaab877fea4c9ffb67eff509c953962a11edab9935488105e47a98a816cf11ae0a0a838506797639400362104cc21831d171c27d7812359f353

                  • /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite

                    Filesize

                    1.3MB

                    MD5

                    d9d4bbb51d6a031ec937aca02637cf73

                    SHA1

                    0fb03fbf3f3ca1cc6905f85133e54fd295c9c77a

                    SHA256

                    527c83f0bfb77dc93b9f1b380c4192ece184108ad39e225d7f50acc65e644b4e

                    SHA512

                    11602aad61acc7cee525d2b5fd313f8826e711d8733ad36104eb4df6852c2d9ad7c1310977ef224ff3cd2e202ef4cf25b9497cb5b7bd24e915604aa49d2bcf46

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    2KB

                    MD5

                    c10d71cb5bed66a9814ab99c7b6f4ca8

                    SHA1

                    f78c236cc936bf3987320897ea83174c46d1bc56

                    SHA256

                    88009532a30d8d67ed56f434fc05070efb6115403fb6375712de2a41b933da04

                    SHA512

                    094ddace373dca7e1bc1cce359aa669ad9dd6a1b91c5a85fedeac3e40e47712069754cfac9c498d3c3656f85ee7600bec295cf0cd57a3987f73bac41a7f857f3

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    2KB

                    MD5

                    a5f8940c23c10395b5f2f76983014454

                    SHA1

                    d3fc86bc51eb0ee36f219579ac70507d0d037974

                    SHA256

                    b103adebac1efc9c5c7a37c7f521d64a22ce9026ff98a99495e897f280039198

                    SHA512

                    705e917eafa14ae859eb4df7e9c32916b10dc2c4982cae4370ca53b27dab5e0d3f16ed67e4e00581de02ed5faeace731c1fa8c18e384bb12b89910c0e2a25102

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    3KB

                    MD5

                    3a3d55a37378a6d9fd63327ccb9dca59

                    SHA1

                    61a13f1abcdb9e93d63dc607c537f2c922d1fb73

                    SHA256

                    41c900bfade05b0186c1b25cf2afb38c733c8658999ae6a349521ac6e10f5e3d

                    SHA512

                    57d6f34663d8f1652d437fdd2703eeec30543e16db616d74c6db0387381fde352e22f6e49bb4c7ed3d633bbfb7275445f4b3ab3558f92040c46802610a13ca54

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    4KB

                    MD5

                    e24e0f23676c6bcd69fb6812eadd1079

                    SHA1

                    775f4a75bcea6d358d82b507fc3b594efa7baeb1

                    SHA256

                    872fad9f449a3cc25de89e568c0ef9be7a001815f9e6420e26c17b42851442f6

                    SHA512

                    4775c08a640d9f9d222b37f5f7fe9d09e8b1cbef6728747c980b0760db8a86d1469da2db35197ed77b8ae72fcfa5a53e7ee5c3f95efda335b0f7366ec9a89da1

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    4KB

                    MD5

                    26e2de4c87cdef83456b46a3c1770ecf

                    SHA1

                    6979a902775cf573142b595e4af31bccd38eed0a

                    SHA256

                    5249b0dfd731b52e6e8c85083891b5dfd7cb52634ab6962f002e80474c06e5b6

                    SHA512

                    6cf857216cc77c5110b0821c8af73092d860b0c567bab046e47d6f970c6093b0e19fc970f2aa5d836b4589cf32ca1278ec9ca885c1b186f0c082aef11a256cfb

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    4KB

                    MD5

                    40788edb83e94c6e1ba36ec868de01c0

                    SHA1

                    1707f6ab1240f59a598b6f922e669c7b4216807f

                    SHA256

                    fe8c6eadc125bee0432f6ce506729b551971b0ceaf95bfbd17a91f8b522b3547

                    SHA512

                    ffacd522251e14df40b137b0f60f1c27893fb3ae87b2bc234ac27e10931d9b6cf604259ee4459ba0fd2e5bd5210eb12bed025e66deebdec91f3fe5a3e5671e15

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

                    Filesize

                    4KB

                    MD5

                    6bcc621dd8292ee8fc90727c8a20f455

                    SHA1

                    5117bf6e57074bb8ac4bca93eeed68f476314e64

                    SHA256

                    2a2fcc8a16aab94987dc3b7fa569d55fdde803e66ac597570fc1eee6fba92039

                    SHA512

                    1414e66bf3daac73945498c3f66e3f9e6ac46364cb69d46680e3c165af365d4eb4ecb1c6e9624608d1ef299b0cf8c6be1dd1adf363d96e65f1311f404227816a

                  • /root/.mozilla/firefox/pdnxgwza.default-release/prefs.js

                    Filesize

                    1KB

                    MD5

                    17beeece6814db5b1ad9a108359bf453

                    SHA1

                    11d1a12d564888db50aa823c32f5bcf436bd5e45

                    SHA256

                    e2ff66aa16eb32a8d6ffca1fc9495977e181939ff9b7f969ab1d1eddd7030d4a

                    SHA512

                    3fd8232bda968b86d4a9d2b1039194ddbf9b13e7897245772595bc5105a55c15ae48b01932969fc156964afbb6c4813192a2ea32d52d6397cb65035c493397cb

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite

                    Filesize

                    96KB

                    MD5

                    e0c613bfd69956a19ce2dc5e925aa223

                    SHA1

                    14accb230edcd6cb76967cdc6d4e5686db96b5df

                    SHA256

                    0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

                    SHA512

                    01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite

                    Filesize

                    128KB

                    MD5

                    178d71e5529d637ac62f7e75fdd75896

                    SHA1

                    339f2b949cc4c207b66aea11137448ba28d36dcb

                    SHA256

                    7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

                    SHA512

                    ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/.metadata-v2-tmp

                    Filesize

                    42B

                    MD5

                    cc15a2f56cabbf2f7ab722266f1c044d

                    SHA1

                    0ecc72eadb6831118fe55a233a4d29d18d515993

                    SHA256

                    98bd8235ecb92073a3101480fbf9042b4cb630af9ab43fd3dc972e625bc54ea1

                    SHA512

                    a809cb43887c9610201764412e455993845ae0520f9290043a20dcaa50882d1b4ca104ed458abde4a9ff104154ed04736b6648f7305ded8c87c854e4d7c528cd

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

                    Filesize

                    44KB

                    MD5

                    a8dd7ebaad5528b23f82ccb1534cea18

                    SHA1

                    600daceacfb5cf9df0b66ba7dce4516b2ac4df70

                    SHA256

                    e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec

                    SHA512

                    67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

                    Filesize

                    12KB

                    MD5

                    5314ae58bc889b2323fc46d8217fd376

                    SHA1

                    e09a54d802e6c7a9bf3ef73167ec685bfbf28bc7

                    SHA256

                    8b862645cbb1dc9d0cca6d4ff983e4f1cff3b0af59e6a429d9fa1118549a462b

                    SHA512

                    1827062dac487183b1245c7b1da8420b7bd137d81011b195c92d4e79935d0ce7b1d39ab4cb3d16deb42fbb90d07abd0c329d69fcd992e9fea4f165f3367ba25e

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

                    Filesize

                    44KB

                    MD5

                    7352c8848e88edc39b7fb5e663888187

                    SHA1

                    8c3dffe25cc56c7aec1b782292d6fceed81e6304

                    SHA256

                    7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a

                    SHA512

                    f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

                    Filesize

                    12KB

                    MD5

                    f2013da5bb134fb73f93d134d788f822

                    SHA1

                    38c09e550713b46ca28945e055ad5ad03af25213

                    SHA256

                    2ee16c3e642d7105c67fd59c772ad14dcdf0b40917eff5e5200dbee2077aca40

                    SHA512

                    0e971e3ada2ee74aaec3963abc57cafc92c552cb6fdb882ebe300c543209b99d950a6cd86d8d33ca0847c3a8b66cee896a849c9b5f36ba8fccfa5ca23ee9f15d

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

                    Filesize

                    44KB

                    MD5

                    759544297aaa61f5fef8ee42d0ae4393

                    SHA1

                    fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

                    SHA256

                    1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

                    SHA512

                    8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

                    Filesize

                    12KB

                    MD5

                    994bebb82bc25a640bd6fc6329647186

                    SHA1

                    302955bf3b363b1bd0a82b6efb3d2f7dc9e73e0f

                    SHA256

                    228b7143fff21261c55b8bc702ab4ac84c3921b5c591955a9f6e05b3e3a0c6fc

                    SHA512

                    882ea73720bdc366698e035dbf265a1728f0ef2186326ffebe43786ea3b0045f8734cf6c676dbd450895b6fb2302410d519ca48bd490a076c8203ca5aab27772

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

                    Filesize

                    16KB

                    MD5

                    7429018a2112cc83660b3f8cfb139499

                    SHA1

                    e5d1db486ee51b8e425aa92d17f215fab93060d0

                    SHA256

                    bccf25342b359891cc3cc0d49a3a2a37f0f257dda84bd5a18305ea1a297660cd

                    SHA512

                    d96536f48f12feb5c628b293712c41ce83294f1ca83f2b67705710545503cb713baa92c9d2cd95e19a713a9e2e86cc83fc719edcf14788d7dff9829f96169f38

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

                    Filesize

                    44KB

                    MD5

                    07a412e08825220262ad2890757ff779

                    SHA1

                    f46c127dbc070ded87a6078b3c1c761955f96de8

                    SHA256

                    da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

                    SHA512

                    0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

                    Filesize

                    12KB

                    MD5

                    6dae7aa4f9691823d135e6fcb5a68bb7

                    SHA1

                    977e06b067a1dd4a3ed109b8b452c8227d7573e1

                    SHA256

                    d74c2c52e9577a7e9fb685755cb636679ac58a51b63f5c29aeed3e6e31051c4e

                    SHA512

                    6365f8015b378f7638c0f7cc9e86d674ab2d5904b7fb11dd0d23c1cef2276a29487e82145c55609d134ea83c11e376de3e07ad8ae1f4bff6033474a4759d78b4

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

                    Filesize

                    164KB

                    MD5

                    9c760157c57749ff94ae2b78d9545c4c

                    SHA1

                    86497b648366e1df95da5936a38a5c6e654447f6

                    SHA256

                    5a3ecaea48e4c22ad77ec23026d1268bec9527bf818ee77c175d5b4e35831c7c

                    SHA512

                    5ca602403434aeec6a22bf48a0008661a2c9f36186b1e4daa09de08cf9b5bb640cdf569c0bde491c2a9930d25cc9c52a2b5daa4bba75cda801fc68839243e804

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

                    Filesize

                    148KB

                    MD5

                    dd3f6ba37c670af5953593535e435d04

                    SHA1

                    ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

                    SHA256

                    5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

                    SHA512

                    86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

                  • /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

                    Filesize

                    232KB

                    MD5

                    02dab7dd59ab6ccf75cd73d0d4ca7cc0

                    SHA1

                    28c0b9bd95f09a1674260e501e9ec9cdcb0eb6c4

                    SHA256

                    92c0cfde3837ce37353c3c54839c7f7a067622c886131a99b9b74eed837df00e

                    SHA512

                    9da3abe0c6fad322aaf28dca0ef5964006f435a7b1505c474762c98bd6ac71f07ee83df881aa97f3991c17b528f45e3a27f3a7060977e1f76ae9a5afaaa01a5e

                  • /root/.mozilla/firefox/pdnxgwza.default-release/times.json

                    Filesize

                    50B

                    MD5

                    680e49738a3160033f32ef3cb874cef5

                    SHA1

                    570a11c7a5615ca6806db6fb530483ac5f1a7973

                    SHA256

                    37939f6c42b2f5086b2082e2a0bd61c4aa1c704d3a352b56fc0d7ef88cfb590b

                    SHA512

                    38bb2c22ac75aaaf2520777dc234fcfec959ccbb205f4d3f9d19847887612fdcc2d2869f60095b4cf7d58975e82fef4ebcb6b293934350834131fc91efe010be

                  • /root/.mozilla/firefox/pdnxgwza.default-release/times.json

                    Filesize

                    47B

                    MD5

                    e8cdcbdb0733c5e40b750ca4099d57c5

                    SHA1

                    311d8ffe7364c52024a3278a6f316ec2f13ed828

                    SHA256

                    055270b6d75ef002f3fcfdb38becd2ec0394e062ca49a10bca9178a14b2fdb35

                    SHA512

                    a56c878b78c2f72d6d446430937f1aab47aaad78aabeba99637c1d49d44611bb3f6db844a851ecbd6139503d94a8c714c54982ecad6bedacb80cfc84c2a97e63

                  • /root/.mozilla/firefox/profiles.ini

                    Filesize

                    259B

                    MD5

                    43db06b85c80e1687520ef19c37e25e2

                    SHA1

                    28c2eb4eb773120d64dd5da1b487cc7484281f03

                    SHA256

                    21f2c18ac3bd5eca5bca4264140188b8b825297ca463044ea9e082dddaf749a4

                    SHA512

                    20bfb8e9422e76fbd5586eaa27555e213f2ce04f6d81452a04ddb3f81092570e25ff991e4a5b514bf7e626fb01da302ad733826f1cb4fb9bbd980d71647234c7