hxxps://www[.]1337x[.]to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/

Analysis

max time kernel
30s
max time network
34s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
18-04-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/

Score

7^/10

spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	gmain	1802
Changes the process name, possibly in an attempt to hide itself	gdbus	1807
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1811
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1813
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1813
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1813
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2014
Changes the process name, possibly in an attempt to hide itself	Socket Thread	2012
Changes the process name, possibly in an attempt to hide itself	IPDL Background	2013
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2014
Changes the process name, possibly in an attempt to hide itself	Socket Thread	2012
Changes the process name, possibly in an attempt to hide itself	IPDL Background	2013
Changes the process name, possibly in an attempt to hide itself	Timer	2010
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	2011
Changes the process name, possibly in an attempt to hide itself	Timer	2010
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	2011
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	2015
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	2015
Changes the process name, possibly in an attempt to hide itself	pool-firefox	2017
Changes the process name, possibly in an attempt to hide itself	pool-firefox	2016
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	2019
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	2019
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	2021
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	2021
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	2022
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	2023
Changes the process name, possibly in an attempt to hide itself	Cookie	2024
Changes the process name, possibly in an attempt to hide itself	Cookie	2024
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	2025
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	2025
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	2027
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	2026
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	2028
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	2028
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	2029
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	2029
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	2031
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	2031
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	2032
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	2030
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	2032
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	2030
Changes the process name, possibly in an attempt to hide itself	StreamTrans #6	2033
Changes the process name, possibly in an attempt to hide itself	StreamTrans #6	2033
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	2034
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	2034
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	2073
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	2073
Changes the process name, possibly in an attempt to hide itself	IPC Launch	2076
Changes the process name, possibly in an attempt to hide itself	IPC Launch	2076
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	2075
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	2075
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	2074
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	2077
Changes the process name, possibly in an attempt to hide itself	DOM Worker	2078
Changes the process name, possibly in an attempt to hide itself	DOM Worker	2078
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	2079
Changes the process name, possibly in an attempt to hide itself	MainThread	2077	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2081
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2081
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2081
Changes the process name, possibly in an attempt to hide itself	Socket Process	2077	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2082
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2082

Reads user data of web browsers 50 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/times.json
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/f2f5cfbk.default-release/sessionstore.jsonlz4

Reads CPU attributes 1 TTPs 4 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 58 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

glxtestdbus-daemonfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/devices/system/cpu	glxtest
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

dbus-daemonsedsedfirefoxxdg-desktop-portal-gtkxdg-permission-storegvfsd-trashdconf-servicefirefoxxdg-document-portalnautilusfirefoxsedgvfsd-fusesedgvfsdsed

description	ioc
File opened for reading	/proc/2143/cmdline
File opened for reading	/proc/2146/cmdline
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/2105/cmdline
File opened for reading	/proc/2138/cmdline
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/filesystems	gvfsd-trash
File opened for reading	/proc/self/fd/30	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/filesystems	nautilus
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/task/2080/stat
File opened for reading	/proc/2100/cmdline
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/1490/status
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/32	firefox
File opened for reading	/proc/self/fd/52	firefox
File opened for reading	/proc/2128/cmdline
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/self/fd/10	firefox
File opened for reading	/proc/2109/cmdline
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/1490/attr/current
File opened for reading	/proc/1509/cmdline
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/2123/cmdline
File opened for reading	/proc/self/task/2199/stat
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/self/mountinfo	gvfsd-trash
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/self/task/1577/stat
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/2119/cmdline
File opened for reading	/proc/self/fd
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1575/cmdline

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
1⤵
PID:1444

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1447

/usr/bin/dbus-launch
dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
3⤵
PID:1449

/usr/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1494

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1493

/usr/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1497

/usr/bin/xprop
xprop -root
2⤵
PID:1496

/usr/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1499

/usr/bin/uname
uname
2⤵
PID:1500

/usr/bin/grep
grep -q "^file://"
2⤵
PID:1502

/usr/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1504

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1504

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1504

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1504

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1504

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/https
2⤵
PID:1508

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1509

/usr/bin/dbus-launch
dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
4⤵
PID:1510

/usr/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1512

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1511

/usr/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1514

/usr/bin/xprop
xprop -root
3⤵
PID:1513

/usr/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1516

/usr/bin/uname
uname
3⤵
PID:1517

/usr/bin/which
which firefox
2⤵
PID:1560

/usr/bin/firefox
/usr/bin/firefox https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
2⤵
PID:1575

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1576

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1575

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1804

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1804

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1804

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1804

/usr/lib/firefox/glxtest
/usr/lib/firefox/glxtest -f 13
3⤵
- Enumerates kernel/hardware configuration
PID:1812

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2088

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2088

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2088

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2088

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1473

/usr/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1507

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1520

/usr/bin/head
head -n 1
1⤵
PID:1523

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1525

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1524

/usr/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1522

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1530

/usr/bin/head
head -n 1
1⤵
PID:1528

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1529

/usr/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1527

/usr/bin/head
head -n 1
1⤵
PID:1533

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1535

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1534

/usr/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1532

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1540

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1539

/usr/bin/head
head -n 1
1⤵
PID:1538

/usr/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1537

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1545

/usr/bin/head
head -n 1
1⤵
PID:1543

/usr/bin/grep
grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1542

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1544

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1548

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1551

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1554

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1559

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1563

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1568

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1574

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:2020

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{36731c00-4817-4331-ace4-ff4ffbdc6dec}" 1575 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2077

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
PID:2100

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:2105

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:2109

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:2119

/usr/libexec/gvfsd
/usr/libexec/gvfsd
1⤵
- Reads runtime system information
PID:2123

/usr/libexec/gvfsd-trash
/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
2⤵
- Reads runtime system information
PID:2146

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:2128

/usr/libexec/dconf-service
/usr/libexec/dconf-service
1⤵
- Reads runtime system information
PID:2138

/usr/bin/nautilus
/usr/bin/nautilus --gapplication-service
1⤵
- Reads runtime system information
PID:2143

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 22579 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{3558b756-d66f-49a0-bbc2-5e35b4fa6c66}" 1575 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2192

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
4381fcf19c7214def45db3ececcfe54c

SHA1
6bc896c1c613812cb90989f1ee99b46ccc697e8f

SHA256
9f1afa4dc124cba73134e82ff50f17c8f7164257c79fed9a13f5943a6acb8e3d

SHA512
b078e46e8056e15676cbe187dfbd10d129c3962e103c8c8acd3d719664de8396f20644162db08b3c5c938124b8342d60c17ada1f5a7deb932fa61be82d336d9c

Download Submit
/root/.cache/mozilla/firefox/f2f5cfbk.default-release/cache2/entries/D0F48A0632B6C451791F4257697E861961F06A6F
Filesize
52B

MD5
b6b9077206979c4dc4a253e9d03b0cf8

SHA1
a2c357d330fdfe5df6dfc4358d31cf6a723190f5

SHA256
16cc70e1420d75837e0fbd6175973e07ff655eaf0f1226a1a6b978d0990b8d4c

SHA512
6738754760192930a1f1c0d181e309b6a79df06a90768715715d9b4cf91a9ba04572edbee72f41e4fd64d524761622747494ff6cd8c9f0a7f273c2eaf6bb87c5

Download Submit
/root/.dbus/session-bus/4816dd152e8c48ff97e9117d197c13d8-0
Filesize
466B

MD5
846029c702ab010127627e45068bbaab

SHA1
b269c056ebd734c11d7c415e7aa5655c562dcc5b

SHA256
ce1b97ad8d8288e16a854e7a9e89149bb6295ba04c2633b4182b30d40697cc57

SHA512
36399362a056a512c5a7dd8ab63855a78ee802a21636b90aecbfd3c7fe9d63965e2ee883ef3d8ead48d23a5f07c7f2e8a3d1e7bd5449f4bfce425844254022fc

Download Submit
/root/.mozilla/firefox/0vn81w67.default/times.json
Filesize
47B

MD5
be0ce3ad52fbb1ba0ac957fff5a3e68c

SHA1
b3568981a051efad22e304e960c1fe2beff05446

SHA256
baf944def73b08e68b78d4d1b669b37a66cd2ae40cac84c02635d4ee5dc5a80e

SHA512
185152a13029acd24df66c1039316d6cbd1c9f9d707107f167941642146302a29fb7387a3810e42bee4b9aae6b4f647047c3125c41fc5e12ce10ccf43e506cc7

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20240108143603
Filesize
10B

MD5
991238757b82c581b30ee82bcb521ff4

SHA1
3b27665f87d5764d19cb438bfa3cb19fc378ca6c

SHA256
06163909da7b124b27627c0c908b2719b3f92938268a4a79e1364811c3eeff2a

SHA512
e6b4e4e97afa138a338f47c05fd8c1286f6e95edba1355f789cca4c3fa70aa977c6bb04aa8ce84aaf58bda666d50fa48f47aae39d77f562acea7fdc9a1c8049c

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/cert9.db
Filesize
224KB

MD5
81f3d6747329ae82873384b179dfe7a9

SHA1
f8733bf1890627462eabc6cab31f54811c634eea

SHA256
572c7df930b3f5f6bcb70f930d9ca9909dfb7874d0fc4bf0023bef5a1237c07c

SHA512
f6b140aa768ebced884933dff8eb4495d38eb1659fcf0433ebc0784ee9cd87c559207e3fbdd5bf981e789a721a986cd405823237bd22d00fef62f5fd74e00146

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/compatibility.ini
Filesize
163B

MD5
2d41a6f5736821b90ef44850dd3873fe

SHA1
a47c4bc1431234a5b58e460ede5b571acd38e562

SHA256
b4bf5c8334f6db20ae94105141ae7a721342ddccd94ec65289dc291e76a31814

SHA512
047a1455211e7aa29ef5f32f07c89d8a0c8d86d871bc664e4d8958a2a014dbe32f0613cd9eb66e7307c0e2439f74ca0b829652a52fa48e8c60d64b41f69914eb

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/cookies.sqlite
Filesize
96KB

MD5
26ff39b359947b71a5fadd950fac34f0

SHA1
66e5830e4dca79225f41adc13a077d8e5dd8084b

SHA256
aecbaf3e1df1332d4f14a11480db712eb4aa91581eb4e942c580bf675f592a45

SHA512
7fae7b9ff4362e12f00acdc898f6f679718bdd28dc959684333086de7bacd162338dc266810f9f3f6dfa3dc228291efd6bb325e2e8573ca0e6a699059a145f11

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/cookies.sqlite
Filesize
96KB

MD5
102a8b6e82208a1b69224bdca8a5b10f

SHA1
8413dc3772127c4159e6d6b51372990a06b805ee

SHA256
5ebf89b32937916a76a8432832040cf0f6b99c2f006cc42f856712d403ec182c

SHA512
49c5c27c6749a7a73b4b944eea64ceb053a272619e6319bfd433ffbe126c8fbccc110961018165a4c7de781a86cf38d2bd9e52ec71b10bc73c9fd05fe841a46c

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/key4.db
Filesize
288KB

MD5
b5edacdd51bb8d7c48d3f8ed78a6b53d

SHA1
895cbd2010c171a4522a4f95eff2f55b056bb9fe

SHA256
bb0a76ddbee2c6cf71653eea100dc4cca88ed12d75187da3ec947749a59032a3

SHA512
cf1184967e98d37ad49c269eaa91bbed531c618e165a469be3c0f045b227149fb22eee751d2e5f06399aa8fc0be9a229bd13d0a2d2f69a6646ac1cefa504b0b8

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/permissions.sqlite
Filesize
96KB

MD5
652770017ccd3217c70066cdb7213d35

SHA1
61bcaddfc3b435b399490896b7d6055269ab6653

SHA256
660ccd2cc3805ef44ddd244134e82179df1708a253571afb5062d1b38939bd9a

SHA512
db4b111d760e1a67d63248a677e8487a2ecc31e89362641bcde5ef1d8bbf893b57ad70922fcebbc961d686520361f5bf0c6b7c217ac1b9164e3d275be2dc9db1

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs-1.js
Filesize
1KB

MD5
15a6a665da1bd61777d7384d022bcd15

SHA1
9cc33c71ec76ecf0b5bb968548c945dffac220e0

SHA256
66830ed521bd18a1e4e58509af66c00adc8be5d2fdaa39718cd10a6b92a9cbfc

SHA512
7ab52ad3f217d179777ea7ccfeb6ab689285a7dcd161d1a76ffd1e45b2f8b563d20b70cd56198f9f1533c8cfe7f8dcfa5873e3c66a3cea89227408a1af97d162

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs-1.js
Filesize
1KB

MD5
6d59e68f690188d5d8156d367d2f7d7a

SHA1
cd3344fc70c66e4b37a536b0719690ff0ad22725

SHA256
576bb2f07318f9ade78744411acf80d22713430f7e695adbcdabcf705316fa16

SHA512
3e8cd909dab0df283587e3b79d2b9b2d3569c5972f161d46a8179c07f0a9158858ca1fac0f73d10d2a1ffc3f93b5837a4386483603957c244bf1f721d9f85a4c

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs-1.js
Filesize
1KB

MD5
f46810fdd7757b3f4055a780ccaba597

SHA1
5022cef6829988a09f389cfe5dff01c68ed92981

SHA256
cf910a5dada26a1c56e1829fbd0c681c897371579f0cc4ccc246951c415bd40a

SHA512
87f5fdaee6863c220c4af84afb645d5bab7e1e536ff0ce1c15cfca295c7545197c990609db8bd10ffa3c88de98f671574f83bedf22f8168ddc16cbfb0c7a54ce

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs-1.js
Filesize
2KB

MD5
185da4c5146754b157870946b5aa1bd6

SHA1
e3662a9d6482acec5148b35ad16507e8dde94383

SHA256
323ddbd6002c1ef5f59773b00a3e6f42328b3844c93da69a93c1c2dfb020b5e6

SHA512
a2de6afca913748fe1d1f2ae885c5c5ec89da421884fc82555d4c31ee62cb64ffa117889fe5bc0ed44ae57fa5f55bef3a926f36b54bc620c6250c300a5332412

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs-1.js
Filesize
2KB

MD5
2284f93e40d336260a21b2e5baf4f287

SHA1
544f64aefaf0cff0dd7d5e138b277e0c3b61b033

SHA256
f37cf67e90777860f1d9e0c1ddc5cb82b16a8ac265fb80b5131f6945a96a28f6

SHA512
e52276dc324ec924475ad7351fed8583f6a7a7380194b079b81bee0d27160fb883a842eac1214dec35ba4be9c3471b267cd6c6faed5e7612df741684cf0d415a

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs-1.js
Filesize
2KB

MD5
32d4dd0e9353a90b06cce088c886e25a

SHA1
c96285ad9f818047221bdeee6f0c44b31be501f0

SHA256
a58969b87bceeeb48779deed0796646b25410fe20b9873940e163683b839c153

SHA512
db068eac317dbc1b7a8041d378cd8840e0f3f0196c949926a4ea66ebf1bd14263bbb82eeec27bd94c7b9d3aa230f79a180a9cee0fa026df7c8bd7b0b81d6a6c5

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/prefs.js
Filesize
776B

MD5
af696fcf38d9f52e64776ee09de4d17c

SHA1
38f9c116f657d7ac5defff9b6f343fbd96ad0967

SHA256
1d9595dba3bb93eb30af67e4cf9d8aa19fa7b41445c30356233cc29d7f0568f3

SHA512
412844467143e0ad002b685b0847b40132ad6687909f4470d610ce720239154e8f3fa770396e0ca3c480d9858483d9dde286e92413fd9fa8a9a81a7ea01100b8

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e1121e3dd3c8a9c384f879bdddcff219

SHA1
625f25a1a5ff8527ab3105636fa7aecb9affd234

SHA256
766b9f50254b4e5526b0cde2911512956262596d8937f8630805d3c70802a066

SHA512
03e1cee2e75b2b609b8344a40995de09de837e940d2012f2fea65d9c70eecbcd3345b66b852f32211b38b06a4370f06f02ca7521e29e7113e2e12a6a7752be31

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
0d2b18bbf091633c4fe1ebdd197dfa15

SHA1
c150dc37042d92d30efed6cbc1b536eb66ec1a3e

SHA256
fe63ee867e0f229a0bcc48b771afeec394c362ac6d0c2bd6907c7202097bd228

SHA512
59d202bfaf236bdcfc05a3e148a773d15a3bdff23be26fb2cbfd059fee6c4a516c7a59de0a3bc97df1419c34464e1346354979ddda1062101121522f22d8156d

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
36B

MD5
d948de3bc84fc4d9a65bd4bb0a226566

SHA1
46f5b4166073b1f884b4687a504f24a8df163381

SHA256
7f91c398c2239448bddb27985ad73665788fc367d795cd39e3725843f0a832af

SHA512
9a763e12573603d3c73c7a2cd2d2729b510b84e6d47396beefaef1a3f0e00652aeec45abda884c2dcb9f6b2d12fe08f3f5481a5f36590f98f70faf8a9f701a74

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
4KB

MD5
bcde68669893a50fb9cfb04287548922

SHA1
a24b2381e35c18221d539bd38ea71f5bd2cdafd2

SHA256
ff730b365a266f12339de84e74ba0eb1991e349f83c1056d510ec9f8ffb4a5c1

SHA512
6eeaf26b26e414cbefc67590c61ce0182879426bb5af5e9ef1722f09560027086189cbbc81a9ad168706ba254df4f79c27d4e3d6f011bd8a6f669a22ff9ba122

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
225fe36c4bb990de9670b27368d655a2

SHA1
1dc382bec9af9b4bd0308dea1908ab6933834828

SHA256
2185235a458ef8924a1370bb956dd1d65d1f7bbffda08289275e072b65d5d1db

SHA512
11eb31a930a336c13869b0d385df555d7fba32ecea26bf513398dca2a35439643b0896a94c4696ffb439eef18b7f85982155dd12beddef784fe4ed1e86d2d1c2

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
0cb94551592039b4630d7d713f02d346

SHA1
bd5ebda204f22425d3283da5c7e2c69ca61b78e2

SHA256
d6dfa86da92c61a0d58727a197aea6594b8d02e080d4dbc7bfc157ae4e20f49c

SHA512
73253824f3f8661dff4ad926ef202ab0f3a4e2ea082ee6d3c47b3800c827968e0821b4001f5f72a7629632125f0f7ac6c1d420b50799f281912ab98a81b61a9f

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
156KB

MD5
b96529895f2123a1ab3528035a4895e2

SHA1
e968cc5d08c946e162683c9ee3e45948127e88fd

SHA256
8a53106c76ff3d8dd1d146255b65d6b452a1584f17a4c0bfefde1ba38dfa88b9

SHA512
4b87c3e2426cb22a9fe8c5448d5e452595a7fade4816fbd024eb165a472a1c8124f21d75738d085548121bbe59c4d2cf42aba8bb1c4fd60accfb25e96376ef7e

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/times.json
Filesize
50B

MD5
c0a12d703a7c31c4ef05e632b118de91

SHA1
1e1b6779ab0ec75273b0e5d47839910dcd12bf2e

SHA256
eed483c3f1030e7ac210c3cd2a6ba809b7405dc88e71c497395cb2a900792d19

SHA512
aba02c51b375bf9c253d8d8c34dfca1f1ac04e6e5a2e4325d5dca843645191ea8e38aa399067d592176208ccb1a71549ed5a297b1b6bd04a3cf41bd6892e698d

Download Submit
/root/.mozilla/firefox/f2f5cfbk.default-release/times.json
Filesize
47B

MD5
0c1926d59404603c0311a62f38e2002d

SHA1
6ea36fe9fadc28cb38fab45f8e5cd012e3c8c2b1

SHA256
9a9f5968fcb31130ce36fac8f49bfe8bbd7c11d8c8bce85a460b4a5f0d218d69

SHA512
817876bf3c4dc96e16104451b8598404ddd05068776f04423e2344e98922a29e818edc094f9d61c5225b99877144e8239513b75978ac78290340f47fab04ab70

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
d9af337aea782932145897b2290b8d68

SHA1
20506e2fb89d00f53f2a23187f129f19fad03ceb

SHA256
d193866f9bfaa18322d556a97ad1845c6b8ddac9d9af118ac1c4f1e360b5a8de

SHA512
a8130ae57c3224a1c5d5590902e5553a89ef13d73231e834411f1664c834155dd4716b3f26a874908028f6f3ff6455af36879557b9e04aa3b9cf6ccb65fa6ac5

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
7626ab00662275fdb0a4130054ae7a44

SHA1
ee73f43a4dfc9c48bea0a0fd0c8c0f526f0a61c4

SHA256
5f34c17f21af94f5502b172d666b1c3d6eb217fd5bb271d56230c30f9212985d

SHA512
4299cdf850278d9eebe4191b895057205ae19f3b038e02aa139be675ecf121e7f549ebf06127224990445a208da144a833cc076468fa3fe93a816f5be2518505

Download Submit