hxxp://ciscobinary[.]openh264[.]org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521[.]zip

Resubmissions

18-04-2024 03:22

240418-dxaq4sah7s 7

18-04-2024 03:19

240418-dvhzpsah2w 7

18-04-2024 03:16

240418-dsz57she63 7

Analysis

max time kernel
44s
max time network
130s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
18-04-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

Score

7^/10

spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	gmain	1720
Changes the process name, possibly in an attempt to hide itself	gdbus	1724
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1728
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1730
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1730
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1730
Changes the process name, possibly in an attempt to hide itself	Timer	1908
Changes the process name, possibly in an attempt to hide itself	Timer	1908
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1910
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1909
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1910
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1912
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1911
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1909
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1912
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1911
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1916
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1916
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1918
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1917
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1923
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1923
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	2018
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	2018
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	2022
Changes the process name, possibly in an attempt to hide itself	Cookie	2023
Changes the process name, possibly in an attempt to hide itself	Cookie	2023
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	2024
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	2025
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	2025
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	2027
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	2026
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	2028
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	2028
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	2031
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	2031
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	2032
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	2032
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	2033
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	2033
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	2035
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	2035
Changes the process name, possibly in an attempt to hide itself	IPC Launch	2036
Changes the process name, possibly in an attempt to hide itself	IPC Launch	2036
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	2034
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	2037
Changes the process name, possibly in an attempt to hide itself	DOM Worker	2038
Changes the process name, possibly in an attempt to hide itself	DOM Worker	2038
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	2039
Changes the process name, possibly in an attempt to hide itself	MainThread	2037	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2041
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2041
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2041
Changes the process name, possibly in an attempt to hide itself	FSBroker2037	2042
Changes the process name, possibly in an attempt to hide itself	FSBroker2037	2042
Changes the process name, possibly in an attempt to hide itself	Socket Process	2037	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2043
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2043
Changes the process name, possibly in an attempt to hide itself	Socket Thread	2044
Changes the process name, possibly in an attempt to hide itself	Socket Thread	2044
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	2045
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	2045
Changes the process name, possibly in an attempt to hide itself	Timer	2046
Changes the process name, possibly in an attempt to hide itself	Timer	2046

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/logins.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/content-prefs.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/places.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/favicons.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/places.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/favicons.sqlite-wal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/times.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/places.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/favicons.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
File opened for reading	/root/.mozilla/firefox/akc8f0h7.default-release/user.js	firefox

Reads CPU attributes 1 TTPs 4 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present

Enumerates kernel/hardware configuration 1 TTPs 59 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

glxtestdbus-daemonfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	glxtest
File opened for reading	/sys/devices/system/cpu	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

xdg-document-portalsedfirefoxfirefoxxdg-permission-storedconf-servicedbus-daemongvfsd-trashfirefoxnautilussedsedxdg-desktop-portal-gtksedgvfsd-fusexdg-desktop-portalgvfsdglxtestsed

description	ioc	process
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/2064/cmdline
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/38	firefox
File opened for reading	/proc/2059/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/mountinfo	gvfsd-trash
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/2090/cmdline
File opened for reading	/proc/filesystems	nautilus
File opened for reading	/proc/self/task/2228/stat
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1588/cmdline
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/task/2040/stat
File opened for reading	/proc/2068/cmdline
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/2085/cmdline
File opened for reading	/proc/self/fd/52	firefox
File opened for reading	/proc/2111/cmdline
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1489/attr/current
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/fd/32	firefox
File opened for reading	/proc/2077/cmdline
File opened for reading	/proc/2108/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/self/stat
File opened for reading	/proc/filesystems	glxtest
File opened for reading	/proc/self/fd/30	firefox
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/fd
File opened for reading	/proc/1475/cmdline
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/2103/cmdline
File opened for reading	/proc/1489/status
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/10	firefox
File opened for reading	/proc/filesystems	gvfsd-trash

Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox
File opened for modification /tmp/ZtQYCgbY.zip firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox
File opened for modification	/tmp/ZtQYCgbY.zip	firefox

/usr/bin/xdg-open
xdg-open http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
1⤵
PID:1474

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1475

/usr/bin/dbus-launch
dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
3⤵
PID:1479

/usr/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1491

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1490

/usr/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1494

/usr/bin/xprop
xprop -root
2⤵
PID:1493

/usr/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1496

/usr/bin/uname
uname
2⤵
PID:1497

/usr/bin/grep
grep -q "^file://"
2⤵
PID:1499

/usr/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1501

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1501

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1501

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1501

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1501

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/http
2⤵
PID:1505

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1506

/usr/bin/dbus-launch
dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
4⤵
PID:1507

/usr/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1509

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1508

/usr/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1511

/usr/bin/xprop
xprop -root
3⤵
PID:1510

/usr/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1513

/usr/bin/uname
uname
3⤵
PID:1514

/usr/bin/which
which firefox
2⤵
PID:1557

/usr/bin/firefox
/usr/bin/firefox http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
2⤵
PID:1588

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1589

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1588

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1721

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1721

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1721

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1721

/usr/lib/firefox/glxtest
/usr/lib/firefox/glxtest -f 13
3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1729

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2048

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2048

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2048

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2048

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1484

/usr/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1504

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1517

/usr/bin/head
head -n 1
1⤵
PID:1520

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1522

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1521

/usr/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1519

/usr/bin/head
head -n 1
1⤵
PID:1525

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1527

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1526

/usr/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1524

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1531

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1532

/usr/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1529

/usr/bin/head
head -n 1
1⤵
PID:1530

/usr/bin/head
head -n 1
1⤵
PID:1535

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1537

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1536

/usr/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1534

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1542

/usr/bin/head
head -n 1
1⤵
PID:1540

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1541

/usr/bin/grep
grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1539

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1545

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1548

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1551

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1556

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1560

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1563

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1581

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1925

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{3736ebbd-6de1-461d-9599-73511c3471ae}" 1588 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2037

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:2059

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:2064

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:2068

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:2077

/usr/libexec/gvfsd
/usr/libexec/gvfsd
1⤵
- Reads runtime system information
PID:2085

/usr/libexec/gvfsd-trash
/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
2⤵
- Reads runtime system information
PID:2111

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:2090

/usr/libexec/dconf-service
/usr/libexec/dconf-service
1⤵
- Reads runtime system information
PID:2103

/usr/bin/nautilus
/usr/bin/nautilus --gapplication-service
1⤵
- Reads runtime system information
PID:2108

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 28854 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{3dd1e0e9-6c45-49a2-820f-8279f618f344}" 1588 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2209

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/037778A55E1B7E9BED3390289866D09402D6C913
Filesize
9KB

MD5
ebb08b02a53679b082a19f09c51a425f

SHA1
c53653bcbdc400c5f0fb0ff99d1e1b88079a7e15

SHA256
423f783f5ceef7569bf2a76b2fcafbd62992668db1dfcbfa6cda54e450e72c6c

SHA512
6217d28b9e28eac16f08a3432ee4a33f7bd46bf9139326aa263ad2aac26595ce362348237706823851f800519ea6ed89ae6eda37a4ce4750bd9b793ef0f16243

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/037778A55E1B7E9BED3390289866D09402D6C913
Filesize
9KB

MD5
a4c0d7dd39ee22d962568d9ee27be75a

SHA1
8fa86def47ed611ba5d495f3fd48e71c05838f62

SHA256
65124c60cbaabd55f65aa6aac62ac3c2099a750967a3a9db223982f871dc993b

SHA512
dbd2fc478b52a7af8950505b4138ac7cdd2e2a8ef5f236a41a9e2055474bde11dc276c65ef2e155fa587a57f3942d48859768dbff69a6cb49c8cd9bcfaf9f0a7

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/039090029E64BC91E87E77199A6A6BE11FC39B6F
Filesize
142B

MD5
78a03af504ad1545866e85a03d19d50d

SHA1
c0204cc782feeefc5f1444dca7e87595b23b3efe

SHA256
61e63d3382ac5603f1b5a672983d8381e1490545db93d1f1e232dd99e22d5f88

SHA512
48777e76c94d9c895792fa17d2ca67e638351ac1bc46c510728a5476288eae581663ed3431370b46947c6781baba9594ee3a0d8c7a019ba26aee7e08ef1baa30

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/0EC4CDE0C33626CA7FA76264533E1686E66A2198
Filesize
22KB

MD5
1c4f748cf70fe18dca5c8862a12cc63b

SHA1
d60f5f90987748943f16c110d5dc6190a5af11a9

SHA256
489fdf668a52eb126411ce83ab9148f6aa69477401a696ceb8d2d097b046e11b

SHA512
5fcb75983d34ded7f44f3a3cc14beca0585dd50cecd11d0129e6d34117741b597d2b7dd7710a35278db7cb853e777c093c524a0da7a5be600d734eed145a65ab

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F
Filesize
102B

MD5
500e6aaf94223d5ffc1b22bffdd839e7

SHA1
c779e78d1b805df2b47f8ad392865fafa4ca0733

SHA256
c3ad69be59d93a49802adf9c614c3fbf4679faeaa915fb4aa7bfaaa37bdd4211

SHA512
32eac04a9443f5650c178ea54578969ad4519b3e76af46def5845b21e44ad388dc1b3d5f3189e3c3ac9289b0bafb070ab7b20de8f5fdf0369c0c46aa0624fbf0

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/109D080055C1548CE320A422FD98DA1D5E1A5BC8
Filesize
9KB

MD5
8f509e5f58b7fc3fd6a25c37e55116b5

SHA1
510013801ed9b0088451cf4212d6827f3839113e

SHA256
2139f0e163b305a80908af8acb6d7e4f38759eee531c7bae478fef7c58a550ec

SHA512
003da1f68221300be8da348e5ec2f953f0f2de5c0421cb5a26d37de6ee031890876555c667580067ae5bf7d38bcd28f42e3475f05a872ef6fe081052086654db

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/11D4B015E14B1F9AB0E5EEFBBDCD2CD392027BB6
Filesize
18KB

MD5
5207b5c74d1c18746c5aca8339fcace0

SHA1
f5ccedcb5731a8410a3293e5d9d105b1aa75b6c1

SHA256
fa47135e5b0194e9dc5a014cc75b00b27afcc4d81f4ab964a355305e74f75437

SHA512
adee7da5f503019257638ac708b81174ab704aa2f8176ad41e1d106311e0f580376cfb4c3b6148f34cc5d59c1b5223ac82c30333dcd6fdcdda3224bd7ad5ed55

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40
Filesize
102KB

MD5
35ec33b7eff4a7e9e7e2e627d5f6532c

SHA1
e667ac1ea4314f2f73abee97eec37489a21ecea3

SHA256
31d15e4e8182847b3f1216bd85552ba8644c0379c7041f06dfde60a8afef8f08

SHA512
20e6355a243ec2a45a6b0a57d5a56a9ead39f8b8bbc915cfbea676de964d03ecd5dcdd55cbdd0f58b7a46373d3d3eab47b6137b76a1fb3a96877975f26b62faf

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/252CE8AC445A184A1F4A1C6C6D4ADB8AE41B7776
Filesize
75KB

MD5
8129dcf52e5ca6f07f185aaaa5936ec1

SHA1
ea6cbd4f216d5d4d134827151134502387dd60c1

SHA256
e6ba135f49577344b0f625ce92797200fc442d2c947e869e3aa592ee9ddb862e

SHA512
7f5b00e1e89086f442a1a7f5efc7dcc5266aa88567e5bda01b0391a36f8554b66d1e13a4baa5a5b47be8f2688ca4209786d54f6b61aa76a55ca854d43c50a2bc

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/3C9B2D192D535C347CDA9FB12BFC88FD40CF0382
Filesize
95KB

MD5
87328d4911b8710539ea0ab71eb83171

SHA1
e13a9676d28c01ccd58ef8e2544006dfa24218ce

SHA256
87bd81c3d1fd8b8396374143218691d1bcf7da52d1e584305e11d9841102a541

SHA512
1f01da3d8eb62e756bcb6a0eda36731bae2843fa65d640cbe27904c7358c84b3361cc2b82b0be18efa51e8fb1c588a1d6e18171a12678d7ab6045d41f3fb8735

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/3F5BD2A3838305545BAF11838A20DDE8D3F6CABE
Filesize
9KB

MD5
907b5a54c52cb0bf95e3a8c5fcf01904

SHA1
72dec349a34f440c55bcfafca1b6a86d693f3a92

SHA256
1b77b5b34a6a96cfa060a64d75fc82bb2c2a29ff4d6feb4d54be4d9edd467798

SHA512
b9f5065cc7b2bebed124183c40896a66fd05f7a03dc7a45ee5625344aa50196108bbd3c0160b58f93d81281c57b69028614592140b4e5274d3658c770046a26b

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/58FA4C93D2C2293EB9F0554BA83740A06674316F
Filesize
9KB

MD5
e461ea620b1a232601c9875b84a82cf3

SHA1
18de03277682e8997e1b9c81b1749cf29c922663

SHA256
fe0d4e4e7859a0d93ff957be0926235d371a9184a32e07b8a66c068ee39634d3

SHA512
b19d410291b1b9d0f0f96433e7199fc86ba3004a08b38956de651b419648fc5e18f3547953598a9830c8038fd94742d21a46cbe6c773c4883e5db3097773f0b0

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/6762E24BB9F66A6430B9C774503510453B4EBA21
Filesize
9KB

MD5
d2cf09fcd5f0f5d989fb1b3f7a086254

SHA1
f7d47415f4e534d6fde743d3f43c8524c8667418

SHA256
192c250908b7cc681f9f3a536a2c69d55cbe851396b13dbb67703562f3597fcf

SHA512
32f89474f5924ec3e3488a72892a2a0dfcdefe3015463d5a41f3e406ea059269e6cfff74a32fdc3cf70c7d08ee9f8d4f4f73b9ec9e3eed50064fa63c380f4449

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/7DB3359FF1AE28D679D8DE03A74F2C06BC18D50B
Filesize
9KB

MD5
8c8f2ec7c7b49d7d5181a89129b815d7

SHA1
691626e4a4260848531c4a162ed778e56bf23522

SHA256
a3b017a54153dd61de09d445d769ea7265320853619e07d742893f95d8b345dd

SHA512
eed1b2642c0438f822e406d45be7907c33dc1296c365dab4e26dc6c576a36476ed34fb0f10623e0394d076e0df97d215ecac1a05f5b711183194cd719503b493

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/87E9A5CAE9B8160871853E3EDF072FE9E561436D
Filesize
110B

MD5
b61ef167bc372737a1d5ad9453f6027b

SHA1
7f8fd13c973041ea03475f4477ff650270a486c4

SHA256
4013719897fac8d11495fdf660a217bba5ee0e6592ddf96d1e39d5a6a2b999ec

SHA512
b2ba26fab4bdc61abde0557e09212f4c9662410b012d14da754fb5572ff250cd459c9f03b59eac03576121b984faf18ac5b92ee2df552d98d1254375532ff126

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/A8743ACDA513FF27A72604EA39BAAE662138F0B9
Filesize
10KB

MD5
ccc23f9b87309af2af1453aff2440f99

SHA1
907a43e44a7c3b74e3bda8a4ad0becfe0246e72d

SHA256
010c5962cb70a6a191221f7e98dcf8de4d5b22f32e94521c348671338a8d2efb

SHA512
91ada615c15487dbc1ce45b1bf13a8b2881871c0b397fc5420b7255458089218f58325479853ccfd746f6c6023830f7a216f7c00d23285e93d404886ccb5b36a

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
486d8dd46072e9b8c72e42585e06bc2a

SHA1
a4f4e79f2652f8ff61efcc1e7fa169bbf34fb251

SHA256
ba9fd8c840b2f3868a37d558c37de04e4ada854ad0780678f296f75f7e72d4d0

SHA512
78731fb2bedba727bfe3c00b53ee5792d100b5a92ec3f6d82b28ba097c09f012ad10940154b897be3a67eba51e10fdbfb94f9763322efdde72406807e64412c9

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/D154E1CD66DAEBBC055D1D367858E65F2CC266C5
Filesize
9KB

MD5
30fbce34b9d8903f0628751996e436f9

SHA1
582cef2b5ad7b494a0776da3d78611648815e9c5

SHA256
5a859394621e47cddc75bfd4bc25fb10bf1a0c0a3f4d58aa8a909af264a86eff

SHA512
5b0feb21bca7104eb7bc9764fef2040fcc2894de32ef74b6ab04556ed3e50ada34c8a938c126b1137cb524110e11cf8904889e4fe11963ad5e626e0574e01837

Download Submit
/root/.cache/mozilla/firefox/akc8f0h7.default-release/cache2/entries/D8EF12DD3F5A0B350AEDF5A0EBB7935D12C12CE3
Filesize
9KB

MD5
9223a40ff7fd7e26d67c8c45430f437c

SHA1
a0d00d54f154cef74994dcca4756579cf21066d8

SHA256
9b30ecc5708cbe9aa237f250d5c2a11e97f0a1e2e6b4622bd183994ef1cc8539

SHA512
3f35339231ca52f3f7d72e8a9e2b291c0490db2a94ef83366c6511d10c82228e86211efb9008a087b114a6cab4d962d6d6d447acd0f9709bf8b0de2d68649d7b

Download Submit
/root/.dbus/session-bus/4816dd152e8c48ff97e9117d197c13d8-0
Filesize
466B

MD5
566d6bc273f43509d23f92471c751c53

SHA1
daae506c951858cca22b2b8a3e11ba31a2aa495c

SHA256
4bc735898d36d1d9a314602a048d3523398da79e2d259a23e4ad1efdfcff73b4

SHA512
ced92cb1549ddd6d2776dca98f0536600b3c089e22fec55e0cf34480a46e0e3f56f50a407f46598656793b8bfbd56d14520d366fce0f76f9384c0edaa9669e1c

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20240108143603
Filesize
10B

MD5
e2bb8a265ccf6723a1d830500f0bc62b

SHA1
3f55cabfd2ed96e5335381672c06c4afafbff26d

SHA256
dfce7959305a4d85919c8a39bde0cc15f6f5e01251e10b8dc1fb226d0442a8ac

SHA512
9dba03f4e5d48fde6846d014d1059e03367c354d69471e1378338c06bbe6a34f794375e74df23b4b7107fb48675db142e71be4a33a314f1b7902efab8e182df3

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/cert9.db
Filesize
224KB

MD5
514e02ee5f142b0de77939bf50199004

SHA1
cd446191459931e3c05a1ff14304b67f99bd854d

SHA256
741bc872087b0409bfc3cf0d5b14faf5222e61afdf0d4410164930c002f08bda

SHA512
8cd3ec830c30cf7dd4393b03ad142f84a1c2055dcca723eaa0ca71fbb831b248159d6cd1ebc5727d2fb6404ae82c45cd7dfc7472b17f72426cc12cda789f9f22

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/compatibility.ini
Filesize
163B

MD5
2d41a6f5736821b90ef44850dd3873fe

SHA1
a47c4bc1431234a5b58e460ede5b571acd38e562

SHA256
b4bf5c8334f6db20ae94105141ae7a721342ddccd94ec65289dc291e76a31814

SHA512
047a1455211e7aa29ef5f32f07c89d8a0c8d86d871bc664e4d8958a2a014dbe32f0613cd9eb66e7307c0e2439f74ca0b829652a52fa48e8c60d64b41f69914eb

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/content-prefs.sqlite
Filesize
256KB

MD5
4d0986c1aae43177b7c80b67d05bc787

SHA1
8b9b91959e197f43288a7cf300c179143463f3d8

SHA256
d2c2233f1033bd7ed263755bd51d61ec2d592ad1b8589f785295adfdf0b0cfa0

SHA512
99864a128f4528815142b83f4e6d2348deab834a98e2b730d54e62028d62cc7ee802cf715a98061071049f851d56a953f7bc067c2f573db595b8fcf5988f3e1b

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/cookies.sqlite
Filesize
96KB

MD5
26ff39b359947b71a5fadd950fac34f0

SHA1
66e5830e4dca79225f41adc13a077d8e5dd8084b

SHA256
aecbaf3e1df1332d4f14a11480db712eb4aa91581eb4e942c580bf675f592a45

SHA512
7fae7b9ff4362e12f00acdc898f6f679718bdd28dc959684333086de7bacd162338dc266810f9f3f6dfa3dc228291efd6bb325e2e8573ca0e6a699059a145f11

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/cookies.sqlite
Filesize
96KB

MD5
102a8b6e82208a1b69224bdca8a5b10f

SHA1
8413dc3772127c4159e6d6b51372990a06b805ee

SHA256
5ebf89b32937916a76a8432832040cf0f6b99c2f006cc42f856712d403ec182c

SHA512
49c5c27c6749a7a73b4b944eea64ceb053a272619e6319bfd433ffbe126c8fbccc110961018165a4c7de781a86cf38d2bd9e52ec71b10bc73c9fd05fe841a46c

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/favicons.sqlite
Filesize
224KB

MD5
aff3f84fda6516b87050f171d68531ea

SHA1
6b82d182412601c057bfc591cc6b9a8932c84c73

SHA256
5203714a71df85f81969a193cac50befa4b1e70841b9b2d3ea348d3b99657172

SHA512
aacbaa66d86f8b3f299cead818a0883bb900588da822148b4ac7543a0fa4ee399c14a69534ae55bfd0e7b18630b93f04e0e0174b7d586e0d536c20760b5d65d8

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/key4.db
Filesize
288KB

MD5
0aa3289fcccd49abab1ccf2097b488c2

SHA1
99602d3a6a8975121d2fc77ca5e2ea02a414d2a0

SHA256
7372be5f51ffefb45d108bdbc736213b34d7c2ccc30cd30827b62fc2001051ce

SHA512
927f5f2de191953094a87f2bf79f1349f83d7115d46b4c50ecdafda1763e8ac435e9933aeadc5a46de1d5e7217f98ff07953192308a81aac2f33d8f153d864e3

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/permissions.sqlite
Filesize
96KB

MD5
a5e5f5933046e8b41084a2f032a8d18d

SHA1
bcb0531327a9365decbe69666afef7d2d5fd70a6

SHA256
05031885f4fe9cf6c3b0562e5cf7302452b809cdd33f02e7f396f173f785293b

SHA512
6ebb1c2904fcb851541cf08448336330bd2e3d482a8f34cb3f7c68a88c9e591d268b03c112816e3807abee087f719336cd0c183e54f937bad5d4b4fcac54c310

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/places.sqlite
Filesize
1.4MB

MD5
d063409cd794083ce232a534c649e7d9

SHA1
87b72754a85ac7b5ce9cb7357301fca0083599c5

SHA256
ef35fe04b25a6769b83dbc72c70c75f5f3b0ac5077498c20d534698c033765f6

SHA512
fec97118a67f797d9ec1015543efcc92eb19420cf148d21c2c5dd7e0e5f3d54c33305a736f56764018a01a14e864e8bb0813186ed2238529ad7a7766b42d4bd3

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs-1.js
Filesize
7KB

MD5
6b92130d9b44c0f36cd713a9ad20043a

SHA1
fb3b4639dd410d5edb726f978dadfa19aecbd517

SHA256
a026525a0bb5727bdd917d894f4f0c969c26a5b74bf2cb15e70b6e0f5b33deed

SHA512
698449d931bc1e4d646f6135bc55a65ab2bd97f9fe17e113e9224f14163d37a7be84e9ba41f4d8f03ef73c2aac5d88bb614d27afe103ef81e2ff48271bbe36aa

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs-1.js
Filesize
1KB

MD5
bea51179cbf439150657db6b3a41bc0a

SHA1
b7c7ce019ef3f3009a4926a97c78e3e5615b36ea

SHA256
b0c30abc56666f19d9b7113a77b0f8dc664d28485806b9ee15ca59cce008dcf9

SHA512
f6f68bb9f3c138fb9bed732afb601694ca7462b049353a8b430ba74973c3664b76b084de0d2d5bf461e0cc0e4ace08e83d5c26a28432ec5c0289f92fda7acb52

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs-1.js
Filesize
1KB

MD5
ee5f4fe6b718c82afa9e26c4f6096036

SHA1
75f7dacded78e1d88941c7ccf13f534eb0758477

SHA256
a2542af4dfc4649e2710dbd4263722fa103ea50b5b19731cd753f3a7a9412c6f

SHA512
67a1a2effc808ce97f82204f75ab6e541a0b8605d5affd76db681883946aaa5129f597cf589a5c404493468f1e06ec7ef276da90636e58ed5dea4ae71478dab7

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs-1.js
Filesize
2KB

MD5
ea02407c8293e3cf439b9b73bb9608fc

SHA1
56c93cd352bc5e3cfba61962e5532534f60d6bdf

SHA256
5708ec7b155e8e5cd4bbe4be71d14d4b06544a128efd76d3cb24a12589c81bc4

SHA512
2133331f1f90620838d92eda833276c1568af516b12977c23ca77662d65e9586969ccc78c149eca4fb45033de98fbb4c1a661f9d96a1e395141b8e7910e7a94d

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs-1.js
Filesize
2KB

MD5
7508b432eb46d17ccbdfc214dab6d578

SHA1
cdf26f7b092a6e047c323ef47db4accd7033f4a6

SHA256
52322d5747d36753aee34048364c6e20e7baf54ddc98be0a018c4f9ad1ba713d

SHA512
cd4a09f0768a8768ed52c45e7e9d47510a97ffa2a954c01334faf862c3010c9bc9b026803662d22087ca484295fe02276dcede4564467e929f3311174a6ffce0

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs-1.js
Filesize
4KB

MD5
b1408ac6e324ee0f89ad2eda3dd36b0e

SHA1
100b3d368ba67c3a71f6984228b9283531bf2542

SHA256
db5c149852bb02982336475b720bf5d4100c98d08a2769140bcae9e619f90e82

SHA512
ebe5b8cc7b75285bc58bc634349cecf2b109ee2fb4a2840961aee0fe4bd2ce9ca7e8cf896d66c9f5e8b5ce135fd061b819ad15984e33dc7c91dda1c8a4f6affb

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/prefs.js
Filesize
776B

MD5
da70740695c5be1ab59c6d29cf7ba99f

SHA1
8fe686827404a3b8a665545d643b092f86d762a8

SHA256
938c19d79c175a667617684934fa6aafe212cdd1195e4fbc1c6de36c5f312e8d

SHA512
73236e071c2723bba84320a42e6d934450b09715eb0cceb1bdb1135934ed5578b1cdc8a175bf9a18fb81d834631c2a974cd4d6e29f15eab2886affc0b7e21054

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e1121e3dd3c8a9c384f879bdddcff219

SHA1
625f25a1a5ff8527ab3105636fa7aecb9affd234

SHA256
766b9f50254b4e5526b0cde2911512956262596d8937f8630805d3c70802a066

SHA512
03e1cee2e75b2b609b8344a40995de09de837e940d2012f2fea65d9c70eecbcd3345b66b852f32211b38b06a4370f06f02ca7521e29e7113e2e12a6a7752be31

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
0d2b18bbf091633c4fe1ebdd197dfa15

SHA1
c150dc37042d92d30efed6cbc1b536eb66ec1a3e

SHA256
fe63ee867e0f229a0bcc48b771afeec394c362ac6d0c2bd6907c7202097bd228

SHA512
59d202bfaf236bdcfc05a3e148a773d15a3bdff23be26fb2cbfd059fee6c4a516c7a59de0a3bc97df1419c34464e1346354979ddda1062101121522f22d8156d

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
36B

MD5
2d62fc0973e3aecdc1b8ed22f17eaa04

SHA1
7b660c3736a90a98ae498acfe5d325d1746c1d44

SHA256
0d706b6de05b7dbf2b89fb95f9e838024f914899bb8d61a584f3fce6e391e457

SHA512
e18a2ba5cb9df7ee09f8e093b4bed0f2e6394c3c4bac67ec66947b532872d1d9a5cdfc379bbaf71a29018332fac58d6a8ecbe6d2347bc54b4ccf5f30f03369ef

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
488403dd59d861961dbf2e5317cc6e55

SHA1
bcb13cf819bdc370762237a075f14a9be0728a50

SHA256
8645149962df6c816291521b6cb45e9acf79da6bdc3a727ba00c71eb720de4ef

SHA512
4e60bc58fdc1ffe3662b83fc9af3e0ec5af90eeb25da8e60a70717e3588676e135f6cc5a8d57a37c2cd2ce3a3661e665e2688d00799dd834945d5f0964750805

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
e60b5313fc4ec92d50befeaf4c62e938

SHA1
ac2cc0d82f337479a1052a8fbf9446ae71dc1ce0

SHA256
5e52e5796628d38bf7bbd7b7f95e41616edd3fccc496e04466ecfa9c76bdec04

SHA512
7c1d8095fb8e99f013f7d89af9c35fd60bc5f2e002b174952e1f3340f513fdd6beb0af61ce43b50000c87f1c7b5dde131f304ffeb75c491aa88dbf6a27196272

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
f1cd629017b1fe58fc80953ebd4754b6

SHA1
01e02178484458797c2b682325b26b2633fe8466

SHA256
81bf3da297b9ee8270bea383d9479cd7951e35f552361230358e3a35e1f44567

SHA512
afb775074af046014236a312865a1811de3bfb97f8df057541401867140fcc236259ab237712a7d3bc012ff84cf90330e4e122374cd09c194c4c145f575fb95a

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
12KB

MD5
96d0e6ed6dfd858f34f2cdf7306a4e9d

SHA1
75f66611217561ac547d0cc365cf6a15621e4ac4

SHA256
8a867ebd85b3573baeecfac36e9a9bf0b7dcef7cc0efa75df0357729d45cac2e

SHA512
1e421603e9dc8e3f74e411d90bcfb4fc3d6d1797f6770c176ab5b90001fc0fe46a55572cfe02d3849754bbe380f6dbe807187ebb869c91a755982156d8a78d8e

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
1ea539584c41fd171d307fb9e740d499

SHA1
de3d1a3d6a0173bcd30c89f148cd732d0ae614eb

SHA256
aaa3461e12a1343eb5803894e1ef6894014b75b26ef264f29ece30b1cea3aa83

SHA512
22b145864127c0f223522016c6ba0a67e06a36aeba135e546f4d77000f436d5060064eb988b7aafdb451e39f70d0afd20313d15507dd531234ac25d60e9d935c

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
403f62fccf2cd9a388422102063f4020

SHA1
1caff99198da7c0ba16799778f54377e4d425660

SHA256
30f0c83db559b3a1cea3541893c67d0a1bd89356825b9263b7424fa28a8e2444

SHA512
252bff37a18fd2e776b4f52b0806afd1ebc56711682566fc94848a2e9c249ddf61733ed4eca72932a216c2f69f8ced5b08ff9b4439b05003a7876ab7b81af4f4

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
225fe36c4bb990de9670b27368d655a2

SHA1
1dc382bec9af9b4bd0308dea1908ab6933834828

SHA256
2185235a458ef8924a1370bb956dd1d65d1f7bbffda08289275e072b65d5d1db

SHA512
11eb31a930a336c13869b0d385df555d7fba32ecea26bf513398dca2a35439643b0896a94c4696ffb439eef18b7f85982155dd12beddef784fe4ed1e86d2d1c2

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
f5a959245ad9fcb34d3a04882a2462ec

SHA1
69ddb8f41e817517c5b7ce872a9dc2fc0b4dd886

SHA256
6a53a45ce1e4cd73cc28041bd46973a504a20f0b9bb572c684e7c083c83eaa25

SHA512
68abac54eb2cae1a6d90729388e6ef7074135e081de636e57c62157820436cbef39557cb2c6a50785ac78675f7ab261bea72717671c346a36891988effb3f88d

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
156KB

MD5
8b4d1a288c6fa278842d5b799bf99106

SHA1
9450483fafa572007d3c74d8e97ab055590241aa

SHA256
400c41411fe559a8fe8875689528295a7cab6201271ef50d1d64cdd3b2a2592b

SHA512
6bc2a6a0905546d7f779338691e68dd44c8d044b168d261fa38ea84d1c1208c09c6e704ad360193b4cf230e2ef23e133e0e135d5c2813a328b4549c112207bcc

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
116KB

MD5
bbe9e4471c97fb1b270eb793922a00e8

SHA1
a1da47669a2b512be64ba97e8bbd587887d2c24f

SHA256
dedbbbca17668696789b6525ec93fadbb5731e96df326c7d84ce355fe0ca1bac

SHA512
1df28b24c05bd0931c3fab72bf6283d4a4df4253bd28060bf9abaf8fa0b9fd91e7790c28d7972287ac82a1bf04eecd3fab8acdaa26dfd394b3493280c7474f1d

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/times.json
Filesize
50B

MD5
68e6f729e6bba1eef4d15fb7a16b57cc

SHA1
3cfb80270d639fad45b0e7c7b4e51826fa95bc58

SHA256
09713267065cb142fe601ca90cd05506cf29c5e19e1254e167a9dc01c4402e6a

SHA512
421d0edc825478b7d06d4af14ff40a2c08474fc42711f7c5a86d37f2da70c710ad2dfdea652be7b764948acc1c0fd5485c2b9b148ffe5de5a9760a45580e499c

Download Submit
/root/.mozilla/firefox/akc8f0h7.default-release/times.json
Filesize
47B

MD5
fabf9252ea3be3ff5a20a1efe52b9ac0

SHA1
3e8b17308713493f60a14e847c3d0666fd3e03f4

SHA256
50be15cd76157bd3acfb733dd4ef1cce7b63cac764e57daa76e5d973762c5703

SHA512
a544ea3a922cc76a55f2aa9e86b3f8728c2e498da3f3ab6f7ec07b5256da3a4a285448714aada028fc9bf33ac78d4c981603a9205e5d24e7eecc9a492f144c3c

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
81b685f0c558b7a8a33a0b9ed6dd952f

SHA1
714ef90a997adbd17379726fde81c671e4077852

SHA256
034f33f2e5852a0a909978cffba7a6e7eb062d12a002754a1c4a46898e163e4f

SHA512
34d7a14750c4b9820bf861a73fef072473f44255392d7b839277930b83c4a8ac70432aaaac2dfc6bd6712b6c6baf83c226f82ddf047bbbc6187c5fd95090655d

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
e87252f18220afcabc9200fb78a14f95

SHA1
6093ba117e222cd9a4db38c552511def11f7f969

SHA256
517f779c5448b93a9b36a9e4656d4630129104b52bbd49e6f66d929cecc5285a

SHA512
ce985a343591cfcb4ffa45fd47065906fad532f5ca2f117347244cc397137b2176293e1707eea0870efb96c8d46e0ea86bb52f708ff5acba3c7ad8c288d59618

Download Submit
/root/.mozilla/firefox/y14hea48.default/times.json
Filesize
47B

MD5
2bf2a718c36192760e33e82ff932e6f2

SHA1
15a3e35c5a7a419c32d17ef24ca6577d7e3531fd

SHA256
7bebd2866fa65cd35f017b4950fa58e92aab5958f86540cd552fbf2f70afd951

SHA512
affca3fa7517ac5612c23902bd3a9a1f00ab04a65094a012d2dd4a2861e53d25cc4fceed5c0beb121dd8dc71e9d8928c5e0e421476decd5e2283fdebae0a59f5

Download Submit
/root/Downloads/ZtQYCgbY.zip.part
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit