hxxp://rollbit[.]com

Analysis

max time kernel
99s
max time network
102s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17-04-2024 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://rollbit.com

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1624
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1625
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1625
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1625
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1633
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1632
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1633
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1632
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1631
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1631
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1630
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1630
Changes the process name, possibly in an attempt to hide itself	Timer	1629
Changes the process name, possibly in an attempt to hide itself	Timer	1629
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1634
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1634
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1636
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1636
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1638
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1638
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1639
Changes the process name, possibly in an attempt to hide itself	Cookie	1640
Changes the process name, possibly in an attempt to hide itself	Cookie	1640
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1641
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1641
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1643
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1642
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1644
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1644
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1645
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1645
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1646
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1646
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1647
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1647
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1650
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1650
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1649
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1649
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1648
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1652
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1652
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1651
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1653
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1656
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1656
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1655
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1655
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1654
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1654
Changes the process name, possibly in an attempt to hide itself	MainThread	1651	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1658
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1658
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1658
Changes the process name, possibly in an attempt to hide itself	Socket Process	1651	firefox
Changes the process name, possibly in an attempt to hide itself	FSBroker1651	1659
Changes the process name, possibly in an attempt to hide itself	FSBroker1651	1659
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1660
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1660
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1661
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1661
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1662
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1662
Changes the process name, possibly in an attempt to hide itself	Timer	1663

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/json66vy.default-release
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/places.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/gmp-gmpopenh264/1.8.1.2/gmpopenh264.info
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/default
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/webappsstore.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/times.json
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/protections.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/webappsstore.sqlite-wal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/favicons.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/thumbnails
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/browser-extension-data/amazondotcom@search.mozilla.org/storage.js
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/webappsstore.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/temporary
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/favicons.sqlite-wal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/json66vy.default-release/sessionstore-backups/previous.js

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 3 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefox

description	ioc
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 55 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

firefoxdbus-daemonfirefox

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device

Reads runtime system information 55 IoCs

Reads data from /proc virtual filesystem.

Processes:

dbus-daemonsedfirefoxfirefoxxdg-desktop-portal-gtksedsedgvfsd-fusexdg-permission-storesedxdg-document-portalxdg-desktop-portalsedgvfsd

description	ioc	process
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1529/status
File opened for reading	/proc/1529/attr/current
File opened for reading	/proc/1678/cmdline
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/33	firefox
File opened for reading	/proc/self/fd/74	firefox
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/self/task/1616/stat
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd
File opened for reading	/proc/1518/cmdline
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/1545/cmdline
File opened for reading	/proc/self/fd/29	firefox
File opened for reading	/proc/1689/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1698/cmdline
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/1693/cmdline
File opened for reading	/proc/self/fd/76	firefox
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/38	firefox
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/task/1657/stat
File opened for reading	/proc/1669/cmdline
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/1614/cmdline
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/1674/cmdline
File opened for reading	/proc/filesystems	gvfsd

Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox
File opened for modification /tmp/tmpaddon

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox
File opened for modification	/tmp/tmpaddon

/usr/bin/xdg-open
xdg-open http://rollbit.com
1⤵
PID:1517

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1518

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1519

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1531

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1530

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1533

/usr/bin/xprop
xprop -root
2⤵
PID:1532

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1535

/bin/uname
uname
2⤵
PID:1536

/bin/grep
grep -q "^file://"
2⤵
PID:1538

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1540

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/http
2⤵
PID:1544

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1545

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1546

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1548

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1547

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1550

/usr/bin/xprop
xprop -root
3⤵
PID:1549

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1552

/bin/uname
uname
3⤵
PID:1553

/usr/bin/which
which firefox
2⤵
PID:1599

/usr/bin/firefox
/usr/bin/firefox http://rollbit.com
2⤵
PID:1614

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1615

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox http://rollbit.com
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1614

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1621

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1666

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1666

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1666

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1666

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1524

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1543

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1556

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1561

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1560

/usr/bin/head
head -n 1
1⤵
PID:1559

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1558

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1566

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1565

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1563

/usr/bin/head
head -n 1
1⤵
PID:1564

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1571

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1570

/usr/bin/head
head -n 1
1⤵
PID:1569

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1568

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1576

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1575

/usr/bin/head
head -n 1
1⤵
PID:1574

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1573

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1581

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1580

/usr/bin/head
head -n 1
1⤵
PID:1579

/bin/grep
grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1578

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1584

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1587

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1590

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1597

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1605

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1608

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1613

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1637

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{b8e85e6d-f28e-4355-bc2d-af5b91a30510}" 1614 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1651

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1669

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1674

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1678

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:1689

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
- Reads runtime system information
PID:1693

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1698

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
97e5469b504c8e8fdff3870a9c170505

SHA1
f1e39479b3f84f40a6dca061ace8c910036cb867

SHA256
d96bdf2090bd7dafe1ab0d9f7ffc4720d002c07abbf48df3969af497b1edbfb9

SHA512
0f50466ebbdcf0b5eac69916ebcf8e0b8b300f83c77fb1dd4022f3dada81ca97fea3d3c12bc5c281d281d59a19a839142f2e068af3aa3d79dd5d1e50971b8348

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/066FDF01653F3FD7A81FC6A9F57B2D11D3C85237
Filesize
13KB

MD5
a8d9e0bba90b4adffb51b7a6a2638724

SHA1
09e3183c6da1d379cec93e44425af5aa5eb83b0c

SHA256
5701ae7464c578174bb4512b87553e0999733d0004540a76f4f8430be3821911

SHA512
b25e86c5cee470f9758d009395594ae6bf7b710e8c8c6866dd4f8fb3354885ca738ca4797fe79bfff02eadcac08910e8ac18ce5588240f64992931bfc630fd8e

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/099EB2BF8827A4F91EAB3E38B14650D0205226F2
Filesize
16KB

MD5
b565f70b511ed688471b8b868ef82c8c

SHA1
41617bf548c5ce8900b5fb1a5a88252bfd2f5e7b

SHA256
817b42838819e08609c281d7891067c56f1660e4cf64fa7c01b008955bdba657

SHA512
8dea9ad794352c2e8c67701ed37c0b1bcfe5ae4af867a4b6afb142bb181b71867ed1c3ba18b43ff542f6c1fdeb7000e57741d56788ed086f0e6abaa188db203c

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/1094C727662E3AA0096519B50DB2D08E5B3D2371
Filesize
34KB

MD5
557c7bdef922edfa7a51cb69924a863a

SHA1
2a9bfd65c033660083e83023133be928a74ab632

SHA256
8cbb245b116c3c9de5ba3aafb40e118f00bbf202d6456936ff6114d4bae62191

SHA512
fb705179926572b439bb52d974a2bb981d73871b87935b419bba6f1c60db38208809383b2d5ff66384dc3216a91214184c941079446ad7a3baa503e0544d7c03

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/2F5C1F4DBEC4488EFFC2E09AC3EA2C0323BAD984
Filesize
13KB

MD5
bcfbb1c1256ecdb3afe7ab657b327781

SHA1
4b06a20918a82db324f7c9275c615c40662600bc

SHA256
0b2940de13dc5495f51a35328341e6b0cb3fc683ea8560b2531afebb188943b9

SHA512
137a0933403fdd4b3c19a7f4ff4abc67850e0001bf8ecd2d5b64ac8764780b273fa11fa914760918e67bad0592e7a3d885f838f7497be8e681d1426c4708d0f2

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/35F0A2FF4B4555DF80956150B324D0FA66FD56B3
Filesize
500KB

MD5
c858d569bae16eadd95d70f0c0fd8f1e

SHA1
dbabeed36a51e67240a7294f941e1d588d862839

SHA256
785306de3ff2d44ce3cbfc4c6db44ee318f2641c681f234e70f6b6beea834bbe

SHA512
3398679020e0002cee3cffbb29db322403918cb1b3cfd36563d1cac22260f23bb43ecafb97d09001fd5805d666f31d1b2cba15bed6d294a5838d097850681bf4

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/44230749A38B6989F56217B435A03E84CCADE62D
Filesize
26KB

MD5
02f849b4d0ba60c940e03d085b1fdeeb

SHA1
57d787f5cfa1674fd3d280287bb97c2dbf0675ad

SHA256
4459a250b04e18fa1b071607afe7b40f64385a1852e9a681654cb12e3a88558b

SHA512
464e79fa8d340bfc7bcb677a1a4b85475d467416c87efbab9e4f805ee22bf82fd3117e8b94f34b0afb289abb0ddf8239c9e9792e80ecae4ec8d6dedb5ec2bb60

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/537F4E37E43266B3D908CE3DA434141C2D8B5739
Filesize
36KB

MD5
32065130a9855e7410c8183f3a5bc3f9

SHA1
5a00e59d4b4387bff3a185b1688854e600d86b4b

SHA256
c33c737e3ee0ffcc10c466fd36ec9fe9e438d9f0545f04d10c27d826da08c6fd

SHA512
3a6282a9fe9af6c76a0a9b03bb4e97a77f55b860e987449a894c19d3cf4e95a1274883dc14a1d8951bf3975140cc57914ad78819c626fc243ee8bf713b225882

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1
Filesize
9KB

MD5
b06dc7bb8611795442508395c240acdb

SHA1
938f7accd59307f4511b0b8da1450214798e1ed5

SHA256
1fbf95a9ee9022fbe289fef824b55728244660dda0b3217336549115950a3f80

SHA512
b348874c383a6e7acf4e15b6682f774f50d463526d9539ee0b4d65d5b786f92e54afd10dd818ea4182feff804211e59adaad591b615449fbb5cf6305aa4a9946

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/7943793AD6EF12CA229A1DF7A721B44C210BBC82
Filesize
34KB

MD5
153ea9d79aede81aedb1fd8f7cf6b830

SHA1
de848ad038c6581abc496613ac290192b435cf17

SHA256
7b23348294175d40b2d7d27b19a93b603fb9c0eb6fadd5d5ae64418a1c209c44

SHA512
6c55acc8f572be6124bbfe005095681b460f1328bc50ee93b2640c23ca88d360964de27697c25c7ad40ec3b9cdc8e8bc5ff3b8a3bcc3e155f290d1940c372301

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/A100D13B31B3B47B8A440E86B5443E2156994819
Filesize
818KB

MD5
4dfc21f82e49b2b41af07cbc6b4ac105

SHA1
fa8568625c8debd4f93f6ff8292ba3b6a6c75f11

SHA256
352772661292e4dfd2059cd6f4bf2d075f477f8c581515240731dcc6c0081a8f

SHA512
1af8a05c92b7bc11d8026465bb70f91d118bc6a17b4a8ef150a2c6711c93e3f93b719bf3cf45bcc3022ce5438a51c69b2077e3324bccb8ab5d9db17f63fd2156

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/B788D3450EE9BCD7CAE9822543E153A810532243
Filesize
14KB

MD5
c5df1f60f8cbc41912094e625b79968a

SHA1
ddb4a8d23ecee6e51ae00488d7b67f2d3dbcb96e

SHA256
732bf90f8758b957e2766db70c6477df12f09011724e2572d87d2683b2c04550

SHA512
ecdc7311041c783daac08866195bdeb64b395c0ec1910309d3b56dbd43d9a61295d90fe4020a47551f6646d8659d57369c846613975a1089635c9039ba943e92

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
acd8c51fa9ecbb52f39530c4ec8d5378

SHA1
1b5c4e4cd6e73ea4a2c73717693f69bc984c29ed

SHA256
6a089093ec7898adfa2f46917a5b923f9f5d22b05b846a98510cd296545954b2

SHA512
d8faa77ad25559530659d7b3bc903ed820d2feab717412c9ace97b64522c3037b9ccfe7c58b194ff86d152fdba7b8b8a12219991040ade6a5a6726de2e4c3f54

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
0431438930116b4aed584ae01745e44a

SHA1
afda9f34003f913ac9edb56eaad8504039c932d1

SHA256
f6a5dc191f96f4f0a073fcd8e78f2d2f3d906f6e400fe51c5f361b113c544abc

SHA512
4d095364071a19927fd2b5606bcf6307f0ffc53452ce4fd13c34a2de434600c8f0bc7ef4d0e1b4f73a8d111500da75c70d047250fbed3cda8e7e950ad630e8c2

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/CD654C7ADB739B7B6774D983700DDDBAC70C3BE0
Filesize
13KB

MD5
d449206aa0b75946cf14e4f6d9671003

SHA1
a65e06609941c87e042bb7f51bb262ffece30726

SHA256
22ecaded4bfc9d4bc1c99b1b132fb394f6c8a539e426f4e15d5afd940900310c

SHA512
9f14f148e62dc28f863681a9e9b9ca9c9d9200a64376294997ae6ead0df992ea50880c27e00de7411d0917854769e8aafe3f3d0bcd0bb1b636fa5ecaa3a17f0f

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/F742E6F6C150267395731D48D97A5CFBA146AD74
Filesize
9KB

MD5
5e85e4bad6d0e0dc20541822e276ebca

SHA1
89407848a6e1a46bb209297a969e12958d0e60f6

SHA256
cdc1602dd050e815c484ca0cbc18fcf2c4051ec17d34c67e87a4ee1aed5381fa

SHA512
b915956a618dd41ed405522e4a94e5a951380fc691b3e59e77b9620f4d8ea451bfe7479537c099b4828fac52b90ae008071a3ed29a65d5bfd63c37f4c51d39ae

Download Submit
/root/.cache/mozilla/firefox/json66vy.default-release/cache2/entries/F8CBD54DDA10F4286A41EC6A537240712D6C2308
Filesize
9KB

MD5
b29c2b0657410b8d3bbe308c347cc65a

SHA1
babc1ca7d60dba10ab5c911f05399b397946d9cc

SHA256
be69b0316c3f0ed4467d9af0d4f502baeb26f8c900cb11e15189099ff6f8604f

SHA512
a6a14cbdf4c10a91def8f43a63cd778ff8688fc8e9dec69c93130bee44a0c4e5ea26d31536b954eed667d84956befc704455e54e4c6bcb58ac9cae554c755add

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
d3d0dc65e83462579b8197ad4520f41a

SHA1
b178d561dabcb4c31966e93ba4c95be1651b74ac

SHA256
44a7d0b23cd1b5aab1eb48b23201ebae1bd57a5e7e56f9fa80df51b4d77263a1

SHA512
7b2baf16a840f58df9f096a9f859f0fd7bbfff3f077d036abcf044f9a045f916dddb33418cc424ea7b37ca3516f1e6ba4b7029c3d2e0fb58edd704a7da4029f5

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
81f179ac4bfcf9ca8ca3e5845a2619a1

SHA1
4a162f1106d0587ca45b804055ffd7023ef4de89

SHA256
43f8cee5797439762e1240c9847a6a4a2eebba600b490127ee1054afde200b30

SHA512
060b8d0f387ea08db4331c267d1a9f84740c9f11442ed87666e9d96055b40a0e0991bc9e29676b6700b5b302a782cc8748bb390a9f2a84e486bd5cff0eaf2222

Download Submit
/root/.mozilla/firefox/f3v9yva5.default/times.json
Filesize
47B

MD5
b5f2fee82823fd70eded11f2abdb5872

SHA1
2ac9a3b664bda1783775bad1a349138995e5a867

SHA256
bee68d3d69371f9a7f870d9b4f1a47b19b81a86714541ca270fd638e38a16303

SHA512
c985aa54ab3617c0050cac7828e048f46218f94cba2b3b4a8beabe1b83d8475c4b3ecf5b23364f14bbf3d1377e66049c844666d665f21a0234f10ec9ee8ca1b6

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
2e94bdddd260c5f2d2052e8689551cc2

SHA1
1582d4e7cf44c6c722befa3743992a17f036095c

SHA256
8a16487e8a41fa840d4e677c16c1bc9bacafb6cd788918a4d35f0273e3e6c8fe

SHA512
fcd9585b495a00345829ae97908b15c0c6162692bd855c9e63eb606387a540578c691c10fad3b9d68622204189cad2c0d5637fdaa7053c45c699711152189cac

Download Submit
/root/.mozilla/firefox/json66vy.default-release/cert9.db
Filesize
224KB

MD5
ec2fa5f501ea1299e4ac6662a4c53ac3

SHA1
c504be90a6d1b9c39bf0be773f8c11c0e0f30362

SHA256
10d1a70ffa8db8fa8156bcee4029e64d672e8693677da5671ea0c4dc5f127d08

SHA512
a13530c7cd925601ad77406ffd57eafcbeb68b9f10328a17359685d41c1861f33243c69bf6a15b057fa20ff62b9d2bca94a9729b48d56c07bfa4427ef9baa8c4

Download Submit
/root/.mozilla/firefox/json66vy.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/json66vy.default-release/content-prefs.sqlite
Filesize
224KB

MD5
1fc2e7b7fe2c5be305dfa9a2bbb60771

SHA1
4967389dea050001cb1af3ec799edb7805c3abb8

SHA256
1953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a

SHA512
fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5

Download Submit
/root/.mozilla/firefox/json66vy.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/json66vy.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/json66vy.default-release/key4.db
Filesize
288KB

MD5
0bee822778a8bcb6215e2ed8211cd3eb

SHA1
c04bb1d33825ed1ece29a586d96fb87139a47c99

SHA256
eefced6ce737b26a8ff61bdccd34c0882c58da20525b4a230a1a9ce65ea692c0

SHA512
63b8dd122e03e20886a3594f701d2f9f26c7fce1f842bdbb1e93765bc9c44dc753531227923d1b86b4560130d8ca1e7d2fdb5389f73e1e5313fabd408ff25214

Download Submit
/root/.mozilla/firefox/json66vy.default-release/permissions.sqlite
Filesize
96KB

MD5
1c7b7e23ca4b49e50a962c0949f69428

SHA1
a094b8f61c07d0ede3e27b166d6cba7a61c8d500

SHA256
0e5a164fc93b902b198b5da632d11c69985fe7308d4ceb61bcc55c686723b1e1

SHA512
e472bad7218b2d023008eeb64de571e4a955e03d97fbaf7bc262ef94c6a829499541e1d0ebcd7231e2783f253e8351b0dc2a845d14c07048816397975acfd74b

Download Submit
/root/.mozilla/firefox/json66vy.default-release/places.sqlite
Filesize
1.1MB

MD5
7a6a3b674826d1fee5d1c3979af45e1f

SHA1
96f9bc87f177d0c3f8dc53fd8631f755139d2b41

SHA256
f6eb6bebf729f15757cc2b20719ec393b7b4fb3f118d4ad1b2176dc0b85cdac9

SHA512
579cefc874ef2c5d1e08704afcd0a6715648cdd03c60d23aad9d2ced5998d32e00bee871d5d0e4698d8edf6b7808bf88b46a639d4b841acafeff63b81b02fa0f

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs-1.js
Filesize
1KB

MD5
8e377c151fc491ffe8341d3b2e5f9740

SHA1
274e9d7f9c87032a332c0ab67ec518d3548be5ae

SHA256
42f02c9288923df2c566b689a222fc9b0370d1d67a2e73fd0509a58938907052

SHA512
97e54bf3ef1e7e756c2f5229360354afb3174478baa01c66404878bba2e714def9077939898419ea1d49a35ba984aba77a88c322c65f0bce5e80910f6fc19630

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs-1.js
Filesize
2KB

MD5
f85edef58357187c45767f0614732423

SHA1
48817986868adba3ccb6df08e087d8a7d0ea8a60

SHA256
19d194b8591a6e13a798bf367e181af564e80d6019d868d5e5b08786fbcbae46

SHA512
cbc87008680fd43f811d98f1449f19b7182e96c880a44df6d324ca97326e6908b7780f5fa20d5dcee21e941ea3579d147ecae3261f0a775996fcc2f872eacfdb

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs-1.js
Filesize
8KB

MD5
f7e8eee91b402a3f389db732d7dedfba

SHA1
cb02a9f4ad90d11e5835f35c28e3cccb17a99499

SHA256
39f0d85c29a29cb5e292354d6eb9a94e318abb23f305968cd083ea3e3beae2dc

SHA512
f4abacd5f0f7b7c6262ad0e700c1eef203d602f4d5d7a21490fff837d943ae651e121f1421a5f76f1e9f5b0e9a73854f5a91ffb143c1e8b42f0cab98f76e6720

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs-1.js
Filesize
8KB

MD5
02481d76dc443885173433ea1f8d0bf7

SHA1
a17a75784efccf88034599e7261d8bd0938ccd0d

SHA256
b73fe71443c208c0e91caa2b96c7a841c2b656957c471e615dc3329f3f5f5185

SHA512
6374e15c08154fc2ed596efcfca87300f684480fe677ee64a832997b8b0529798ecef9df5d8673e1270f770b989b1b38cd3e7d94fa220c30d7fbb20ff37dde21

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs-1.js
Filesize
8KB

MD5
acfd72e8394d2ced415d88c9d7734e24

SHA1
caf101c224fff222d5c38f4bb89012393bfb2263

SHA256
5c6b18083a2080268783831629613bab3e087f768c72112413d8b1c99ea84e4d

SHA512
37f40dd065eb116f9374c34d0e6be08041a440ddbb6bf09a19f319b0b69fc828a95f9f1da07bdf9a9a43971b861a926f8d701bc73beb0b1babc55eaf88bf9c9f

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs-1.js
Filesize
4KB

MD5
7ebf23dfc1db031a95aa41323604c248

SHA1
7f6326a311e9a1579b15365f5c402f56cb64a304

SHA256
8ab5f7f81859893990a4da0793e9b949362400da616e92c68a1380fc281cf3f5

SHA512
9c510f8fe0770b0532206468c9c0ba552d262dadc173028bbf89f6c39e6601d77d3240aec19ad18b536daeba118911530e46b05a04a48653e25fb750a2261c8e

Download Submit
/root/.mozilla/firefox/json66vy.default-release/prefs.js
Filesize
919B

MD5
f36826d68eac842eeaf8d50c80c58754

SHA1
f8e8a251a8ce041b5f6f178124ca869d857c897e

SHA256
60b84f9a65abcc9ad3670664f461c66e7dc7dc92fc0a0b3bbc3261196a9662d4

SHA512
94cc57ac138d3902131de5000765f0243eb80e3452cbe123a63b61fe5e04c4c9dbcec1c5f192dcd574fbac2f3a93f9a8193671f7a3da51cedc9d0928a2edd8aa

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
a03cb61cfe941c7f2cc4503b93256bed

SHA1
639ef0365969d0cb289f2258a26b3775385c576e

SHA256
e7e2fea61225fc7411c3f9889f6bf2294c8c43acab6ef829a2e08c4816e9d87e

SHA512
c051706016a1231cf2a125fbd10cc122a4611d23dcd814e99662e9198f6dc43ee505b28a4dde057edd4b631387c183af3c4a224441ccb8470aff94d90546509b

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
16KB

MD5
bc0d15099e3044a570d54c4ebaf84c34

SHA1
23e1eaaf6f1f3d3e0db627cc0b6e0a46426d3dee

SHA256
5f3e106271b691dbcfbe5b11d99bc3cda2dd468af633c06d1e78485b82ca7107

SHA512
3a913121007bce4a6f51bfda4ca3bb6984293f00e991e618675461e72cc04d53c06a8076abfa7aa6cad2903ca80051b74b4c97b0e727b7360f4aba1933a2c755

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
627ef183eddb27dc22bc07929c2faa08

SHA1
e5f337eb01d8d263e3eb15c109d3f7a590eb5646

SHA256
b2d5c90e47dd5ad73f486238176e08d58f9be556a678344ff980eb19379b3647

SHA512
954dc569cf86056f9ad8e7320431ce9f14ad7a52473cf3c918db8d9a78fafb042026e49d97b135b835ac61be66694d051e9527f6717403d716ff5266b65ad27a

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.files/1
Filesize
809KB

MD5
0c40063de91b8b8297f5398d04d72b22

SHA1
8355767bb03a3d894f5fd142f767518603adb3c7

SHA256
3cd2ee400a959dc53fd60776cbbe220aa752903b658b262788d2be974f341fc8

SHA512
34eef7708b456e637706e6e79a5911efbf1b747fe524dceace14f586ee09907ca2b893afdd0855495014789ecb7805b252b22201be91205e33227ea24aadc2ce

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
29f6f476b184c0b8558ff160dccae9bb

SHA1
0ebbabe261da8d4983263f093742c21e2939b053

SHA256
f33ee8a28a6ff9e9939eb0d830ff265d0e016a9b1808b33ffa9bafd99071c561

SHA512
acd4c5e5734413b17f091d1edd33d1ac43f67fd44d9da91f7d36ef7047a60beead875c3965530a0d6d4609b134599a3a80d73ceb99c65c68b4391aaa06ff42e1

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
686ac9f56ff4437e0a8d9aff25341d5b

SHA1
5604b78c8336c381bcd9d325f8889c62d733918b

SHA256
fed99de70b6fed53e0cd5c8219176dc5067f771ee876523428570f448ac77446

SHA512
54b8b0d5b2fef61b1e1b3b7ba621e57034df935a2853a978b05e3a9244cb9208f979900be8ae27c3222c90fcbbc374f8bb8fe2cc65884e9001b2026c72318f82

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/json66vy.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
260KB

MD5
79e805ba7ae8b8c943945720c43701fb

SHA1
9ef184efc81fd55c0a7dd0fe592a7c11cf59421a

SHA256
e0b626fa2690283b6ee531551f46167c8ae301dac58effab3d5f4540dcb99180

SHA512
07397ba4d1c29245b86747425a8dee1fcbde47e2efc545e315b3b8cec910976f72e3c663c6a0881de0fcd9814361a9697fabfcebed2981b45c0108bb4cd2fa75

Download Submit
/root/.mozilla/firefox/json66vy.default-release/times.json
Filesize
50B

MD5
44de79c689c71fc475c9ace9ee72a5d7

SHA1
423b7fdf42a947d806c8a96fd9544e979112930c

SHA256
04fec15760045ba07cd5363d8c9624ae75beab4bcb8e8b460a156de8c1fa3e43

SHA512
2110a1cb519772dfcfdc2703f42c516a7006b8871cb0bf67dcae05a672cfec23d5538818a162cae7d31707fdee382a5a09d8705269a049a00a013798702b4009

Download Submit
/root/.mozilla/firefox/json66vy.default-release/times.json
Filesize
47B

MD5
34dde087a6166fa8493d6171fb564806

SHA1
dc4deafc75a251be33999d04cc6d6688d308efc8

SHA256
e1564c961e356b8b443d65e39988f1714b4a86c50e1cf2dccff4abe13569a7df

SHA512
bef6eae0d19c82bc85cbdddae5c4bdb659088d18a7d699c1e9193087b243f4379aade014dfc8ae0620ec29bec81fd090c0d309134d172316cbaf6925e2465218

Download Submit
/root/.mozilla/firefox/json66vy.default-release/webappsstore.sqlite
Filesize
96KB

MD5
41c22c9f81a84b1b0e5ee7ec2ff7c545

SHA1
d12424cba9e4e9124bf3f15e556c562b95c9b6a3

SHA256
4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f

SHA512
8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
9038ad15a2d8d3c313e9faced72f1d2b

SHA1
e24738ea34bcb57eb9f6a055d0af1d692184e304

SHA256
57b21cdebebd7ce73d6336b17f953cb9b23c6a98c982bf0b306aa88804514d16

SHA512
a5c38bb30c828b956b71bb2399dab0d2ac323f445233a8b264bf08521bb26f0016b83747419d3ddb3ea5ffd1213850187779714c85a429f15b42de0f62579110

Download Submit
/tmp/tmpaddon
Filesize
499KB

MD5
152eda253e242e18443ef3282495bc7c

SHA1
ff0fa85565f21ec4931baad4573b4c0bd08c4019

SHA256
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

SHA512
94531e267314de661b2205c606283fb066d781e5c11027578f2a3c3aa353437c2289544074a28101b6b6f0179f0fe6bd890a0ae2bb6e1cf9053650472576366c

Download Submit