hxxps://www[.]youtube[.]com/watch?v=SJKVdJycZEI

Analysis

max time kernel
4s
max time network
42s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
19-04-2024 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=SJKVdJycZEI

Score

7^/10

spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	gmain	1624
Changes the process name, possibly in an attempt to hide itself	gdbus	1628
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1631
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1633
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1633
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1633
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1830
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1830
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1829
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1829
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1828
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1828
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1827
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1827
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1826
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1826
Changes the process name, possibly in an attempt to hide itself	Timer	1825
Changes the process name, possibly in an attempt to hide itself	Timer	1825
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1834
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1833
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1837
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1837
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1887
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1887
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	1886
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1888
Changes the process name, possibly in an attempt to hide itself	Cookie	1889
Changes the process name, possibly in an attempt to hide itself	Cookie	1889
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1906
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1906
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1912
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1911
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1922
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1922
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1990
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1990
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1991
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1991
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1994
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1994
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1993
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1993
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1992
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1996
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1996
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1995
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1997
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	2001
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	2001
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	2000
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	2000
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1999
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1999
Changes the process name, possibly in an attempt to hide itself	MainThread	1995	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2002
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2002
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	2002
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	2003
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	2003
Changes the process name, possibly in an attempt to hide itself	Socket Process	1995	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2004
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	2004
Changes the process name, possibly in an attempt to hide itself	Socket Thread	2005
Changes the process name, possibly in an attempt to hide itself	Socket Thread	2005

Reads user data of web browsers 52 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc	process
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cert_override.txt	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/times.json
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/0yxqiy0n.default-release/sessionstore-backups/recovery.js

Reads CPU attributes 1 TTPs 5 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

glxtestfirefoxfirefoxfirefoxdbus-daemonfirefox

description	ioc	process
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/devices/system/cpu	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxfirefoxxdg-document-portalfirefoxxdg-desktop-portalgvfsd-trashglxtestsedfirefoxdconf-servicedbus-daemonsedsedsedgvfsd-fusesedxdg-permission-storexdg-desktop-portal-gtk

description	ioc	process
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/2035/cmdline
File opened for reading	/proc/2102/cmdline
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/2029/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/self/fd
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	gvfsd-trash
File opened for reading	/proc/filesystems	glxtest
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/2097/cmdline
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/44	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/self/fd/38	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1567/cmdline
File opened for reading	/proc/self/mountinfo	gvfsd-trash
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/1479/cmdline
File opened for reading	/proc/1500/cmdline
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/32	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/2044/cmdline
File opened for reading	/proc/self/fd/10	firefox
File opened for reading	/proc/2057/cmdline
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/1484/attr/current
File opened for reading	/proc/self/task/1569/stat
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/fd/30	firefox
File opened for reading	/proc/2024/cmdline
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1484/status
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/self/task/2122/stat
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/52	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open "https://www.youtube.com/watch?v=SJKVdJycZEI"
1⤵
PID:1478

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1479

/usr/bin/dbus-launch
dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
3⤵
PID:1480

/usr/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1486

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1485

/usr/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1488

/usr/bin/xprop
xprop -root
2⤵
PID:1487

/usr/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1490

/usr/bin/uname
uname
2⤵
PID:1491

/usr/bin/grep
grep -q "^file://"
2⤵
PID:1493

/usr/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1495

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1495

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1495

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1495

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1495

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/https
2⤵
PID:1499

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1500

/usr/bin/dbus-launch
dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
4⤵
PID:1504

/usr/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1507

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1506

/usr/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1509

/usr/bin/xprop
xprop -root
3⤵
PID:1508

/usr/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1511

/usr/bin/uname
uname
3⤵
PID:1512

/usr/bin/which
which firefox
2⤵
PID:1555

/usr/bin/firefox
/usr/bin/firefox "https://www.youtube.com/watch?v=SJKVdJycZEI"
2⤵
PID:1567

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1568

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox "https://www.youtube.com/watch?v=SJKVdJycZEI"
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1567

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1625

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1625

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1625

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:1625

/usr/lib/firefox/glxtest
/usr/lib/firefox/glxtest -f 13
3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1632

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2009

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2009

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2009

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
3⤵
PID:2009

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1482

/usr/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1498

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1515

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1520

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1519

/usr/bin/head
head -n 1
1⤵
PID:1518

/usr/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1517

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1525

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1524

/usr/bin/head
head -n 1
1⤵
PID:1523

/usr/bin/grep
grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1522

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1530

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1529

/usr/bin/head
head -n 1
1⤵
PID:1528

/usr/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1527

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1535

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1534

/usr/bin/head
head -n 1
1⤵
PID:1533

/usr/bin/grep
grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1532

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1540

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1539

/usr/bin/head
head -n 1
1⤵
PID:1538

/usr/bin/grep
grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1537

/usr/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1543

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1546

/usr/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1549

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1554

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1558

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1561

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1566

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1839

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{7bfeea7f-3a71-4f20-be66-76baf0692976}" 1567 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1995

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:2024

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:2029

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:2035

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:2044

/usr/libexec/gvfsd
/usr/libexec/gvfsd
1⤵
PID:2052

/usr/libexec/gvfsd-trash
/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
2⤵
- Reads runtime system information
PID:2105

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:2057

/usr/libexec/dconf-service
/usr/libexec/dconf-service
1⤵
- Reads runtime system information
PID:2097

/usr/bin/nautilus
/usr/bin/nautilus --gapplication-service
1⤵
PID:2102

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 22702 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{8433665b-eee1-4e0e-b0a9-4c7a56b834ec}" 1567 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2115

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 22370 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{0b5d773f-56ec-4f4a-94f3-5fd3907d3196}" 1567 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2138

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
314054f444cbd77adb854c1b70288041

SHA1
c99743d8d48b8fa1ed7a4cafdfcd8b3b579f8ccb

SHA256
f09a7a12954169ae595d12d870e69a4c0092003157d72523d626d2a3990241e2

SHA512
a3e58d4775f5681f89f48abcd0046defc431181b974f571cd6c8c62939233440c02c631f2990eb73d484b944d1c678fd5da7634557f6d8a8700ccf704f843a86

Download Submit
/root/.cache/dconf/user
Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.cache/mozilla/firefox/0yxqiy0n.default-release/cache2/entries/1611007487CDFCDB9FE43793C68D8984CF7DD7AA
Filesize
9KB

MD5
7f32467770cda3da8e73384e9b71bcd5

SHA1
89698159883275bf895a40b7b5e73ef25622f8c1

SHA256
41e0b0d29255855f636dc634e5216f8f190520cf3cf2e3e09a656976642cc4cc

SHA512
3626bb0949f362bd13ec522f8ef658051388cbcd3f30136ab01f88f41319102e59f7474fdab9c3b8e5d878564bf84eb49faf27cc760fc57962890cf912251232

Download Submit
/root/.cache/mozilla/firefox/0yxqiy0n.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
24419c46a7b487869a600ef72d46e14e

SHA1
816f005089b1061425a4bcf83c3a8da0335b9f20

SHA256
6dfb29e4614f6e5bcafcd46ba585eb73e5b384f1f0bb78fe8ef11e0994005ef6

SHA512
fc95de55fd8aca548da579f0454cd79e6246c2b91a0e828e068aacde56f031033494b56c30f1fde46a771521db0f5274452d4a45f43491e8d6d5dc5743ee091b

Download Submit
/root/.cache/mozilla/firefox/0yxqiy0n.default-release/cache2/entries/90E321EE94230DCDBDCD2EC0B77C695A4FC21F78
Filesize
9KB

MD5
b718367a058ffede7457060db57d0fce

SHA1
55a65f45ca317e9c04764ad37bfd47fd5a70b685

SHA256
b91a8d59064d20a0177468be60045dd78712bfe873c6c1875239f4b6e1fbaa8b

SHA512
bbf8358484a732f2d8c1cba5dab804831cd547668138c19ebc4e5a6490e28d3786c810bea5416ca65dfd8a321277e98d30fe8d992dbd6694a0e37e6b8b8ce094

Download Submit
/root/.dbus/session-bus/4816dd152e8c48ff97e9117d197c13d8-0
Filesize
466B

MD5
d5f4f14101c23736e0a115cc6d8836a0

SHA1
cdbd3476ef31c949ec1bbfede2533a3d70da895f

SHA256
51a89905ffbe1c25baeae2cd85c32bc73f0857d084b6e526c6f43956347a345d

SHA512
bf9aa48e1d5d52ebb6d45112c9e403121664b8e6ddec98c5e816e5c582775ac7c433b028049b025ee19ebb5d293ea89415d1e1890b08f5460c3266c1cf8ac86a

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/cert9.db
Filesize
224KB

MD5
18411ee352dd4f248e4d8d9a9242b0ac

SHA1
32b24784c5694fa388882c8f143340ddfb5731cb

SHA256
9ec76b54e5cb52d2273c89bdae306832d93587c3aa4346c1b8d9a157d5f97e60

SHA512
a67aef779f4171d74e03c9107857b519cb8355ee458f15c65c3a2f3240bb2ce242caf75fbac589a0d35b0064b5371fe217b89bcf294093170145d7205dc65b5b

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/cert9.db
Filesize
224KB

MD5
8c81eee9272dc4a1cc9f8332c8bd7411

SHA1
eaae44e8a6017deb47e877f3dbd2b8c4377ffdb1

SHA256
3b6b7d63361062082a6ffc08d555b70dd175a2efc90d8d20308532b0ecaed3a5

SHA512
3b6ad31f56158afb920f06d44d14e40a603cd717513c44c7123cfff9679be79a36fd7154b4af89b1e89004f6f1b32cf772ede8946d3d2ce382db3cba162e4e03

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/compatibility.ini
Filesize
163B

MD5
2d41a6f5736821b90ef44850dd3873fe

SHA1
a47c4bc1431234a5b58e460ede5b571acd38e562

SHA256
b4bf5c8334f6db20ae94105141ae7a721342ddccd94ec65289dc291e76a31814

SHA512
047a1455211e7aa29ef5f32f07c89d8a0c8d86d871bc664e4d8958a2a014dbe32f0613cd9eb66e7307c0e2439f74ca0b829652a52fa48e8c60d64b41f69914eb

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/cookies.sqlite
Filesize
96KB

MD5
26ff39b359947b71a5fadd950fac34f0

SHA1
66e5830e4dca79225f41adc13a077d8e5dd8084b

SHA256
aecbaf3e1df1332d4f14a11480db712eb4aa91581eb4e942c580bf675f592a45

SHA512
7fae7b9ff4362e12f00acdc898f6f679718bdd28dc959684333086de7bacd162338dc266810f9f3f6dfa3dc228291efd6bb325e2e8573ca0e6a699059a145f11

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/cookies.sqlite
Filesize
96KB

MD5
102a8b6e82208a1b69224bdca8a5b10f

SHA1
8413dc3772127c4159e6d6b51372990a06b805ee

SHA256
5ebf89b32937916a76a8432832040cf0f6b99c2f006cc42f856712d403ec182c

SHA512
49c5c27c6749a7a73b4b944eea64ceb053a272619e6319bfd433ffbe126c8fbccc110961018165a4c7de781a86cf38d2bd9e52ec71b10bc73c9fd05fe841a46c

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/key4.db
Filesize
288KB

MD5
1a863381937c37c481ad78698a7b7bce

SHA1
475df912dcd33cdc996a29ba06b2781aab1fab60

SHA256
104bf8aad116c46a7ad124768b519025b8a36fae7ea6f44cc2cbcf3fba572215

SHA512
381d985f6ddb4552b5c49bb5a7d46f0e4e783e72ac13dd2c5fd22d24f185e153f2c1fef6f439ac6e57912ad235f890af37dcda111eefe606ae5facec4bfd905d

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/permissions.sqlite
Filesize
96KB

MD5
652770017ccd3217c70066cdb7213d35

SHA1
61bcaddfc3b435b399490896b7d6055269ab6653

SHA256
660ccd2cc3805ef44ddd244134e82179df1708a253571afb5062d1b38939bd9a

SHA512
db4b111d760e1a67d63248a677e8487a2ecc31e89362641bcde5ef1d8bbf893b57ad70922fcebbc961d686520361f5bf0c6b7c217ac1b9164e3d275be2dc9db1

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/prefs-1.js
Filesize
2KB

MD5
fa8c67d82b622d0c7fd9b423a20a6d90

SHA1
68ef53e06ccc5ae81882f757da0e14e0ad0d549e

SHA256
be0f78605ac57094e0280f0e774518dc84a1d55617ab1c4fa0135dd123852476

SHA512
7b4932c21a7c17c655dfb751f1d9378d51b728931c86becc85976116cb79e12f92783e89cf3f9e7ffd60250e1b06f0671e3136e1984c60737933bcd019c88996

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/prefs-1.js
Filesize
2KB

MD5
a9db6ea38d9ab0a281ef8f3f14afc2d0

SHA1
19b30f679e4d46ecec95dd81b06340fa808171d9

SHA256
fdc6bf460e44b1b1f5ed0a57825cd0f6570dd6cd3909285c84d5d95ac7cdd39c

SHA512
5a6b2a876f5af64999e2bc073fd85c5ec2422bb64413f4cb0c2165144cc85f367cedd55a7f41e3874e5597b55365afaf3197b96d8fc327faff08bfcfd7e9df14

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/prefs-1.js
Filesize
2KB

MD5
74985160f2983c2e1703e4f9dbaf6bae

SHA1
04f8162d8bb6afbed7c2763739e07654a1892395

SHA256
f7a4389bc74f926a6ba25ed55c360bc5ee1a3d832a22d5161d06fcb55606fc31

SHA512
3aee0a08efc5a2bc35d30b9eb66d413519b8022e96901702385f979fedbf20884d611dd9c9c2660c32f6d3b22d631c87167e713264428c4ec5cad706e2643c0c

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/prefs.js
Filesize
1KB

MD5
ae2734b53b69679abb010d658f2f6fb2

SHA1
a1f4be3082c377d9e702126b2ae3b82b79e7a4f3

SHA256
9f173612c697aa19625aa8be3370de744ef3d2fc57194beafe0fab2208d93ce1

SHA512
145c825076fc24666e236b9836c5c37b093c380d324c4b40c577220ba199226a617d95ed7a6d894f241bc5028fcd99604d1d3459758061f425c5a8907ca529aa

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e1121e3dd3c8a9c384f879bdddcff219

SHA1
625f25a1a5ff8527ab3105636fa7aecb9affd234

SHA256
766b9f50254b4e5526b0cde2911512956262596d8937f8630805d3c70802a066

SHA512
03e1cee2e75b2b609b8344a40995de09de837e940d2012f2fea65d9c70eecbcd3345b66b852f32211b38b06a4370f06f02ca7521e29e7113e2e12a6a7752be31

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
0d2b18bbf091633c4fe1ebdd197dfa15

SHA1
c150dc37042d92d30efed6cbc1b536eb66ec1a3e

SHA256
fe63ee867e0f229a0bcc48b771afeec394c362ac6d0c2bd6907c7202097bd228

SHA512
59d202bfaf236bdcfc05a3e148a773d15a3bdff23be26fb2cbfd059fee6c4a516c7a59de0a3bc97df1419c34464e1346354979ddda1062101121522f22d8156d

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
36B

MD5
9552a2d70ae7a08f545f3e0f94432e07

SHA1
d0a7f0ea102e8d0ae29c9cb366b7a1f5c7f047a7

SHA256
5348d2f175056b4c3395d6325dfcf309e72f10ef3dffebb50a94096652ed143b

SHA512
9e1da904e78856f1f81d8c0839b0560820df6587a7134169b3d3b826e2fd7d9fd088d805f6ebde41de90000a79b6deb7ef67eb6899dad10d19ae1c3c5a781b36

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
1ea539584c41fd171d307fb9e740d499

SHA1
de3d1a3d6a0173bcd30c89f148cd732d0ae614eb

SHA256
aaa3461e12a1343eb5803894e1ef6894014b75b26ef264f29ece30b1cea3aa83

SHA512
22b145864127c0f223522016c6ba0a67e06a36aeba135e546f4d77000f436d5060064eb988b7aafdb451e39f70d0afd20313d15507dd531234ac25d60e9d935c

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
0f2cd183695f2867eea5d86964355c51

SHA1
1be8ee17bd97ec744730855155cf8b5837828327

SHA256
9f4c1e3ea49e522cbdb1623674726c139a1ef4c13cf6e0cc3b46362b0d688e33

SHA512
65c5e799420f6185df4bbcfd262e6769269dcb6affb1e9072929065f333edd30697d73fec662fe7ae55d88efeec5f6edac0ad83b9c7feebb92d331c09f338983

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
225fe36c4bb990de9670b27368d655a2

SHA1
1dc382bec9af9b4bd0308dea1908ab6933834828

SHA256
2185235a458ef8924a1370bb956dd1d65d1f7bbffda08289275e072b65d5d1db

SHA512
11eb31a930a336c13869b0d385df555d7fba32ecea26bf513398dca2a35439643b0896a94c4696ffb439eef18b7f85982155dd12beddef784fe4ed1e86d2d1c2

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
ebb775ae974536170a8ec2796348a12d

SHA1
c19ce8a8a35171851c95c3eb8b07dc1bef69bf7d

SHA256
88c6b668738705ef68cec73b5e31b94512e308fd5a6e21865aff6355acffdffe

SHA512
2f45188f170770883ad5fbf305c586f8d948e7b367afde9d46190a3cb2ba24588778a30b85f999c733ba0a28e212846f66e43ca14e85cccf0b3e4b9a3b8493db

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
156KB

MD5
11d4e0b887170c2f1f80a1149bb085e4

SHA1
abf928b31051b4bd8a921244679e62095f54a727

SHA256
3d920c9c3d4b878ad070afe95d01b72f1a712c24485f6a9abc1239222368be20

SHA512
1a203163bd68f7bed9e8dff448dd634f28900bf2e76092c1dbbe2f1bcfeb9f4d011bfc3118237137dcf19e32518d5bf55596c5e5fa61a97c9c50de209823f45d

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
116KB

MD5
bbe9e4471c97fb1b270eb793922a00e8

SHA1
a1da47669a2b512be64ba97e8bbd587887d2c24f

SHA256
dedbbbca17668696789b6525ec93fadbb5731e96df326c7d84ce355fe0ca1bac

SHA512
1df28b24c05bd0931c3fab72bf6283d4a4df4253bd28060bf9abaf8fa0b9fd91e7790c28d7972287ac82a1bf04eecd3fab8acdaa26dfd394b3493280c7474f1d

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/times.json
Filesize
50B

MD5
f095178b520b3e1f196cb97714818a62

SHA1
2fc5cd4c90f1a8052796897dbb5287164848b21d

SHA256
ee1d823948693f38cafccf3c3f0c40cd743998f726a930f23b1e039ac51ae5d9

SHA512
7ebc529f4f8128d2cf27ad3c40607442cc32e6a6625e1473d726f2cea5a958aab697dfc9bec4a5166f31ee8cc70d8ccb51180b6211afbbcb0d716f1a033ae87c

Download Submit
/root/.mozilla/firefox/0yxqiy0n.default-release/times.json
Filesize
47B

MD5
586be60cbad68780438ce57def897c4e

SHA1
7cae7104e39d1ac9f321d02c00a537c5658d47ce

SHA256
2780b1fd333962246b731b8894f3615c86e089dc40397da2ba1f63dff2fa9c49

SHA512
72f95dbdd541f9ae8ee2f6911d64cb700d5dee964fc62cbaad55a70e48a4fda11e03fc092d2ca7923e841ed9fc56542ae8caaf18e14a5e506336105f97c67623

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20240108143603
Filesize
10B

MD5
d0659d1bbd9d8dccb499bc9f3b805e40

SHA1
dff2cb40fc715b35f48807efb7672b24006564eb

SHA256
f35082e3006f72800c0a2568519640ae7333294a70be99e060670cc17333bf78

SHA512
792c39c914157ce75d6ca41429471c6985a35d6d22f1914d77927adc09e8a20f074a991dae53612d7ff108dbad9f526ee5277ec0c8f61fb53ecc5f7fddc17178

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
cb358e0744e9a939d2e4bf193a107163

SHA1
d512f596bb8434a32e683dc687d21fa0facd1d31

SHA256
bb93285102034cb0b6965cbec69eec63b3a077342df74720da068719e8ec01e2

SHA512
132d210197ec44d973f8e6cf5116ef8020c4a1998493ecbebcf8d9133cc1c1801694af97c9d321356913ec7d1d6f1f0859f0a992bea47298bff6235c281d4674

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
accc85fe804a5168ee519aeb1cc74f20

SHA1
34f58973064aee95c7ac65e792b6ff774757aaf0

SHA256
27e4eb96f58c0acc4fb956004b363cd3639d23e171861dca9ed8b1ec73af1066

SHA512
0bb841a9044621c65a63fbdaaf8dd29bc2df8ef21af20c7aeab45e66f84eaa2cd3b50f587158ab4f66432d444d90d28f1ecffef23505b2e0dfa9289423239171

Download Submit