hxxps://zws[.]im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3

Resubmissions

18-04-2024 17:34

240418-v5f2jabf7x 6

18-04-2024 17:28

240418-v15jbsad94 7

Analysis

max time kernel
17s
max time network
25s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
18-04-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zws.im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1628
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1629
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1629
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1629
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1632
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1634
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1633
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1632
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1634
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1633
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1631
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1631
Changes the process name, possibly in an attempt to hide itself	Timer	1630
Changes the process name, possibly in an attempt to hide itself	Timer	1630
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1635
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1635
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1637
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1637
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1639
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1639
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1640
Changes the process name, possibly in an attempt to hide itself	Cookie	1641
Changes the process name, possibly in an attempt to hide itself	Cookie	1641
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1642
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1642
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1644
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1643
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1645
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1645
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1646
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1646
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1661
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1661
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1664
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1664
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1663
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1663
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1662
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1665
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1666
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1666
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1667
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1672
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1671
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1672
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1671
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1670
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1670
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1669
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1669
Changes the process name, possibly in an attempt to hide itself	MainThread	1665	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1673
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1673
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1673
Changes the process name, possibly in an attempt to hide itself	FSBroker1665	1674
Changes the process name, possibly in an attempt to hide itself	FSBroker1665	1674
Changes the process name, possibly in an attempt to hide itself	Socket Process	1665	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1675
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1675
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1676
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1676
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1677
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1677
Changes the process name, possibly in an attempt to hide itself	Timer	1678

Reads user data of web browsers 64 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc	process
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/times.json
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/content-prefs.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/content-prefs.sqlite
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/k9kwm2vk.default-release/sessionstore-backups/previous.js

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 11 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxdbus-daemonfirefoxfirefoxfirefox

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/devices/system/cpu	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxdbus-daemonfirefoxfirefoxsedsedxdg-permission-storesedsedxdg-desktop-portalfirefoxxdg-document-portalsedfirefoxfirefoxgvfsd-fuse

description	ioc
File opened for reading	/proc/self/fd
File opened for reading	/proc/1539/attr/current
File opened for reading	/proc/self/task/1744/stat
File opened for reading	/proc/1760/statm
File opened for reading	/proc/self/fd/76	firefox
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/1708/cmdline
File opened for reading	/proc/1738/smaps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1622/cmdline
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/1760/smaps
File opened for reading	/proc/1555/cmdline
File opened for reading	/proc/self/task/1668/stat
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/1693/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/self/fd/6	firefox
File opened for reading	/proc/self/fd/72	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/task/1814/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/1539/status
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1689/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1738/statm
File opened for reading	/proc/self/task/1624/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/1704/cmdline
File opened for reading	/proc/1713/cmdline
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/fd/97	firefox
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/1534/cmdline
File opened for reading	/proc/self/fd/49	firefox

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open "https://zws.im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3"
1⤵
PID:1533

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1534

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1535

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1541

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1540

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1543

/usr/bin/xprop
xprop -root
2⤵
PID:1542

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1545

/bin/uname
uname
2⤵
PID:1546

/bin/grep
grep -q "^file://"
2⤵
PID:1548

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1550

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/https
2⤵
PID:1554

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1555

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1556

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1558

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1557

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1560

/usr/bin/xprop
xprop -root
3⤵
PID:1559

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1562

/bin/uname
uname
3⤵
PID:1563

/usr/bin/which
which firefox
2⤵
PID:1610

/usr/bin/firefox
/usr/bin/firefox "https://zws.im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3"
2⤵
PID:1622

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1623

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox "https://zws.im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3"
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1622

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1627

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1681

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1537

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1553

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1566

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1571

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1570

/usr/bin/head
head -n 1
1⤵
PID:1569

/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1568

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1576

/usr/bin/head
head -n 1
1⤵
PID:1574

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1575

/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1573

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1581

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1580

/usr/bin/head
head -n 1
1⤵
PID:1579

/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1578

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1586

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1585

/usr/bin/head
head -n 1
1⤵
PID:1584

/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1583

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1591

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1590

/usr/bin/head
head -n 1
1⤵
PID:1589

/bin/grep
grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1588

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1594

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1597

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1600

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1605

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1613

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1616

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1621

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1638

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{e0baf316-3ccc-4682-9329-00a2a2099efa}" 1622 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1665

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1684

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1689

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1693

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
PID:1704

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
PID:1708

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1713

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{d633cbb0-a16f-4a61-a9db-3c7e1ee54f51}" 1622 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1738

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{76bbf9d0-04b4-4c32-ba32-8d51e87cb275}" 1622 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1760

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{4d8671e2-35ef-479e-be0f-67a25050365e}" 1622 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1788

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{843cf083-b324-48c6-b209-70efceba64a0}" 1622 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1810

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.cache/mozilla/firefox/k9kwm2vk.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
9aaa091cf9fe613b456f16594c6e3405

SHA1
4481a9cd01a5a0ad89d17e93105eedf399dbc108

SHA256
0ac10f5da5eb1180bf2ef2593cad8890e4361f4f3e16027bca24981342aecf99

SHA512
7b0fd5a52fd52c228fe2b97f0555303caeb89247dbca04e801f084ebf7b0b218a2c7fd8b20568222b03feafad2e6fc873df9bccd8ec59da32813b7b8268dacb3

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
42a3c28d11ff70f466d45c966811eff2

SHA1
7180d1bcec4cb158d53dca36cc15906df99b87a1

SHA256
5ca535369cb1f627f090d2ce072860fdd6e820bc6cbbc485381a5c433f4ee3e4

SHA512
bf5acc1476d177af05978ec7c5138b54e7a793a71ec39ba9e797a9fa8b28977405b8460f59c770c4f395bb026380c639643b20ba63710104d65f2e4a3c54504a

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
88d8223126c5ffe3335bf65665a07fd1

SHA1
20f420927d3007eade2ae93e47af60336610e289

SHA256
7b13746477c48a6ef7b14c491297f81348201e31722d61ddb7b152e67ae37541

SHA512
4b464cc00992b2e3c609f4d566d9493ea3b6202a9b2939b8b16ad86f7737a7579f2161a163e39e7253d0bfdb6cca5926d63599df3cc3792858de7218e3de2755

Download Submit
/root/.mozilla/firefox/i8pa0nvl.default/times.json
Filesize
47B

MD5
d187710af763d3372ed8b404f8809249

SHA1
d52350e8248580aad6919dea209540276c8e50a6

SHA256
c22fac2648de94e68e72cbaadc726683e4085745a04b39cfff591bc892dc49ba

SHA512
dd13adb0ed6e1eb4f92f5122f9042d4bb31aa571102f5442a1ccf629e6cb9f8ebc36dbdd96835e38d235080973d8ff76662d02424d3b68be351708b44dda289a

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
14cb4a99e68b1a7db9d3037ad5708368

SHA1
a25fda83308ccce405590131561eddfaea500830

SHA256
ead5fb4304e2e769598e3d0f2e54f1afec62ff02cdc5f1efbc5437906fb6c58d

SHA512
1666c73f7b2a3bb370e9c5c46eddd2156fad2d8c1d27115d35b84fb2aef65957a2ebc747feb2bc927f8ad1ed192eccfe1fdac30dcda5b485b874cc62e59e30b3

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db
Filesize
224KB

MD5
a1b629b137904f104fb4150848cb3cc2

SHA1
3963777a5b1511ff3a6683fa4bffd7fdb5d0f4e4

SHA256
8f318d67f42376489abe4aba3f2a5fddbab7365baf6de8a1dbfd7b5b03b2837b

SHA512
ce9a040d04c964881228efc8f1372a0c72fb1c192bc7e99e5e37f86781eb3fe3c8c1be9b7e60ee8b284d50cc0bf1795062b20aac4f5cefb4923cd4d85c4c4cff

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db
Filesize
224KB

MD5
b304beff19fe7933675132a801fe07ab

SHA1
53f5d4115f114eebce45af632e13b3d128506419

SHA256
f949cc09911eb759714dac266a8e257cc3b6b0b089059fe556db5d7d637656da

SHA512
050c7ad8df2fd5a1a2125c57483f71aaabfa27daf960c584130d0c4bd5533697088ebcf18da7ef78ff39b1e63fe055272467e5cb5059f2c4315cedb65a50c0f5

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/cert9.db
Filesize
224KB

MD5
e5033f263c75995f91c48a613bbb0376

SHA1
5f05cd30ba85c98b3b93c22a3a6589cac2856411

SHA256
55d5e1c9bd6d15953010ec6c11eee13e00b124d8e38410714cfc6bd86a805e9e

SHA512
8b655b71cf93d9c0c631ab36fd7b8aee1ee63ce95324278f43027b9c72b6df556d518536f97dc72e54143aeb9e4a0c0c2c42a984c68bf1cbbf82e3e96e1c1b9d

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/key4.db
Filesize
288KB

MD5
3e3519673a789f95ffea6e9a3480ed6c

SHA1
eda795d36ce0438039f01700cc40efdc201e5cdb

SHA256
afd5cbd8c37500ebc305dfa3a1a6eae53621170deb7c12231fef959f511656c9

SHA512
6da9749afdf8211f2f9a08e8a9a60854804d6392847aef8815476dbb70c4cdd7b5e3fd8abe0cf803f63e1e241b314917a4692d8e5f7e3f2f4b1947e661e1644a

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/permissions.sqlite
Filesize
96KB

MD5
e432efe180ce2c680e4b2ffafb4e8429

SHA1
4fbae1a40604b21910ac8528b0d542109904e95b

SHA256
c8bbb9453ad096a3266bfecdb021eab7c3f5d36cbbd59af523a5e7f7d6614383

SHA512
4be548129aaab7978d67189891e238e250f9faea6263375f63fe1823ebe5dd9b7285993c177ac57b3818ba1f07271e54a56c6a6278413bbcd0b094fc3c6b3aae

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/prefs-1.js
Filesize
1KB

MD5
37686c0de8fee38d82e70cf7dad13e4c

SHA1
2c85b08e1b79aed51e38b459ac26efef0da61aa6

SHA256
2ffc951a02fdecbc7ca334ddb0ad150cfa2b71de8dcb2feb0568710c4f8166cb

SHA512
b1259401af236c678124fcd9fc3023cc907ff5aa6dc5252a58804a60867050ad969d14794e2a1fbceebbd53663157d4598653935f70702da834a40b9b1cd6a5f

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/prefs-1.js
Filesize
2KB

MD5
47c1f372c9c82652645b3b73e56d4cb1

SHA1
810cbfc67a71343d35de263e9ad86a381c948f47

SHA256
57d1a061cfa7ff10b09971f70009d925f37b35676478049d650a3543ac382b8a

SHA512
7e07589a8f5a9f876745de565c5d93cd8f662101f1a623740a2bb7337af7722351da933105b25514432aafda80d77a85e6649136ca70286ecc86712d9fd5d6b3

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/prefs-1.js
Filesize
2KB

MD5
f9c6171c4297f4f6008856e0c524b726

SHA1
8f4241e670c4c926869dd37644d8e3b55efaaf3e

SHA256
4bfb339d52182852a994d6a62fc0ffc089a1bce6d917f50842c95471b10eb8d7

SHA512
3a23550a2e6a9c8d29b63b5f17eb4f1ef1a9b4335247d4a82386c82c7f4a8fcce2ca600d9ebdb4742658af81fa1461510291037be3973d917758e9d33c6f7caf

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/prefs-1.js
Filesize
3KB

MD5
0f39a16747678e44d9a9c0ed79938500

SHA1
8368ed90b91846846ef73d1bbb17d68d6919ae45

SHA256
f848c64f1b9b7fb200fece8111d850c3d727032180cd3484dc0e197f528b12b6

SHA512
c1cf0c414f67d06f7932494becb4190e540f56b5234aa4c143d7c8854a6b2465757acc46f764be649a5c21f96d39962eb40daeaddd0985eaf8361e1081a2b2ee

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/prefs-1.js
Filesize
4KB

MD5
f17ef9838a6dfb2f00a2afd46c76aa94

SHA1
8fbb2061699bfd2650eb6798801cc6d0251f6c41

SHA256
aa27a8bec02e4d1d0b6b19d0518c64ea5aa94ee49b75f6dc1a2a0c9c48da5a33

SHA512
f3b2ec3dd2e244690881af4b6abad4380b7e384caedf139ade9cbd71398c53927dbe000a2bb9b1b54c4318ba7e465438ccdacdd5c0bd11697db24cdfd4c784e3

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/prefs.js
Filesize
1KB

MD5
88183e2cab830d2133ab1c79ad85fa5b

SHA1
c83fea184e6b2a1995a8bc272ff73f1d53adfd0b

SHA256
0c0e592b09311eab49e4f4dfcf7cf3958d268829e96646a023e9c5c6997fed3d

SHA512
78e76ee917734e1074823d2e41122bd633188faf0c1cadad480bea2b3b715c87fc8f6b94d266f5729fc47f7a024de9d138c6a2de0b350986e0ae215839a0b78d

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
14cb03637161f449169d1cfc83407c89

SHA1
2929d2fccfdd043e04fed636143523a487032d78

SHA256
d51f2438af37a1ceea863eb7c5eaab92bb214af5807126426fc7ec2cf5bd817a

SHA512
eca7d7ec7a061cc2fb09ae8be6f8151247e3e11f586411e9531f52d35bc70aa736e8c0f4e360e6d44fe23d69458f843e32e4b84849cac0c7bc1ad2acc3757c9a

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
44KB

MD5
a8dd7ebaad5528b23f82ccb1534cea18

SHA1
600daceacfb5cf9df0b66ba7dce4516b2ac4df70

SHA256
e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec

SHA512
67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize
12KB

MD5
f032f3ec5c8a4f3aa10c1d83e1377199

SHA1
03b3af51221cfce1118526e010434a4a189a1dbe

SHA256
06f3799fabc1dd573febde9f193f39b61b7856bbcac322a12554ad281eb65964

SHA512
0b77a12cb0c692482a23c98f912ea587e99267d38973983241218c53cb278be6cd88371d79f98c0b31f7bda000582014d552d94b209d1211f72a635a6e725861

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
44KB

MD5
7352c8848e88edc39b7fb5e663888187

SHA1
8c3dffe25cc56c7aec1b782292d6fceed81e6304

SHA256
7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a

SHA512
f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize
12KB

MD5
45d2de1e1d7b50b92ff65da1dd313280

SHA1
05e8d1db77204a8e9cc53984e9936da3ad7ea071

SHA256
65367673abcaf911becfe5d8e8f65180d1e2ffa78ac92e22aed35ccb0bac1416

SHA512
3a65914cb689bba45a1ee666e82c89ab17261c4df0a058269b450b6fc07960d54b03cb44be72022679d505fc40749b78e118762a013131b45603a1b314bad0b3

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
f14e0d731cf2fadee47b2e34fba7a56a

SHA1
6683c278c9db869b50957d809985a07d2d461c08

SHA256
a6732f1de19b9afa98ab85ce02e2eee92e32534419d03e66088ecc4fc6379bfa

SHA512
dba29f532a8d11c9220942b9b8ab7e204b145d1f2995efd7aad68e071ed4a3eed852d439140a59594d4f7da97163a2624f14212e7c7aa6cdb710a34f5f78098e

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
2f277b9d68666892b45f5a44f4164cfe

SHA1
a080ea482161dd799ecd3a735c87842a3cf73643

SHA256
5a86732fe4bb3593d7a1e71ac1427474a43fb0aaadbb88794471b01fed96b13d

SHA512
9d73f0b3e83141e50ed091ad44010f998dda995c239f0b612b528c1562d0561b20a2e9a030b5833cc6be26d79dcc2b8e5378d51f1529450e8d4b931e1e622a16

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
bd3306d5aba94a6195a1b44ddd388cd2

SHA1
7a2e68bbe743e439beb2f460cdf6f0c300484531

SHA256
b37f5a5e66ad80397351e0d2a748030d1cc22abc79db27612f66ef8ce8f003fa

SHA512
48b35fbc858bb1247ab6f9539e1de5cd9efc7a0d4927788c7f7d840c598040d8330c6ebea25618cdcaec1fe46b5e15095ab1d6dcc15bf16d9224de8a18ffc5cd

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
ae05d1658e90be440fd59f70df027791

SHA1
39d4303da6360c21e6d5d33ac0ea7dcb489cf3f3

SHA256
fa84cf02dd4647e4176464b52a473ed5bf2acbae3247825837442fc21c25d16b

SHA512
6199cf6556378ab2b36cb33379ebe1e874dced0c61db8b2911eb29e5689c4699cbbdcf68091b0c847ca4aaf2167985f043b9ef01d36c480ef321c891aaa180c6

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/times.json
Filesize
50B

MD5
8f1e0e0db1d544d1d9e34752ab5ac62b

SHA1
06eacc472cec0ddc30e353878118a5598ea203ab

SHA256
e19aadf5865b2e4a2ce93086062c82b623a27dde8269f519b71f8d0f06c40fec

SHA512
82e027d767de6465d17678c35983ddfaa0c21ee13d451f119f9a895e141b17e794def1499ad939be5fc57dbef13d566e4b7f585b84aaf81e80812ebb8164d63e

Download Submit
/root/.mozilla/firefox/k9kwm2vk.default-release/times.json
Filesize
47B

MD5
5504b042dce5dfb26f1a04053944d6d3

SHA1
1ff929e0389596e6d5a4d940e9429240f19726e3

SHA256
5e22fb10247e7db9fe469259f355c30a80ab222f5d111a9aa170dc63c5b33535

SHA512
d3dd67c7889c8da82a063683aae4af54529151b99a82e36502a2439c1cbc0992a3e0a560b0e38f5bd6a12ef4a9425dc8431a932f49a12e947455278813e56360

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
f379e0c4973a5020851f02d7d5385f90

SHA1
e8c824b3ec70a468e6c109ee7b6b1f457adba0e9

SHA256
81fb0ac9cfa4fee45a43e7be50d3781d2f3ea35f0ec7874ced4856ced03b1674

SHA512
0d3b4641a77dad8e1731918145b15ca478dbe1068c0caf96be190183da5286d5fb06142a6a3e76eedbb8e0edc94466b65b487d626072000a2ad031b8b40bc775

Download Submit