Analysis

  • max time kernel
    2337s
  • max time network
    2333s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240508-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2004-amd64-20240508-en kernel:5.4.0-169-generic locale:en-us os:ubuntu-20.04-amd64 system
  • submitted
    25-05-2024 12:08

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Changes its process name 64 IoCs
  • Checks CPU configuration 1 TTPs 3 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 52 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 16 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /usr/bin/xdg-open
    xdg-open "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
    1⤵
      PID:1440
      • /usr/bin/dbus-send
        dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
        2⤵
          PID:1441
          • /usr/bin/dbus-launch
            dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
            3⤵
              PID:1442
              • /usr/bin/dbus-daemon
                /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
                4⤵
                • Reads runtime system information
                PID:1444
                • /usr/libexec/xdg-desktop-portal
                  /usr/libexec/xdg-desktop-portal
                  5⤵
                  • Reads runtime system information
                  PID:1572
                • /usr/libexec/xdg-document-portal
                  /usr/libexec/xdg-document-portal
                  5⤵
                    PID:1578
                  • /usr/libexec/xdg-permission-store
                    /usr/libexec/xdg-permission-store
                    5⤵
                      PID:1583
                    • /usr/libexec/xdg-desktop-portal-gtk
                      /usr/libexec/xdg-desktop-portal-gtk
                      5⤵
                        PID:1592
                      • /usr/libexec/gvfsd
                        /usr/libexec/gvfsd
                        5⤵
                          PID:1597
                          • /usr/libexec/gvfsd-trash
                            /usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
                            6⤵
                              PID:1644
                          • /usr/libexec/dconf-service
                            /usr/libexec/dconf-service
                            5⤵
                              PID:1617
                            • /usr/bin/nautilus
                              /usr/bin/nautilus --gapplication-service
                              5⤵
                              • Reads CPU attributes
                              • Reads runtime system information
                              PID:1622
                            • /usr/bin/gnome-keyring-daemon
                              /usr/bin/gnome-keyring-daemon --start --foreground "--components=secrets"
                              5⤵
                                PID:1793
                              • /usr/libexec/gvfs-udisks2-volume-monitor
                                /usr/libexec/gvfs-udisks2-volume-monitor
                                5⤵
                                • Reads runtime system information
                                PID:1804
                              • /usr/libexec/gvfs-afc-volume-monitor
                                /usr/libexec/gvfs-afc-volume-monitor
                                5⤵
                                  PID:1810
                                • /usr/libexec/gvfs-mtp-volume-monitor
                                  /usr/libexec/gvfs-mtp-volume-monitor
                                  5⤵
                                  • Enumerates kernel/hardware configuration
                                  PID:1816
                                • /usr/libexec/gvfs-gphoto2-volume-monitor
                                  /usr/libexec/gvfs-gphoto2-volume-monitor
                                  5⤵
                                  • Enumerates kernel/hardware configuration
                                  PID:1821
                                • /usr/libexec/gvfs-goa-volume-monitor
                                  /usr/libexec/gvfs-goa-volume-monitor
                                  5⤵
                                    PID:1826
                                  • /usr/libexec/goa-daemon
                                    /usr/libexec/goa-daemon
                                    5⤵
                                    • Reads runtime system information
                                    PID:1831
                                  • /usr/libexec/goa-identity-service
                                    /usr/libexec/goa-identity-service
                                    5⤵
                                      PID:1851
                              • /usr/bin/grep
                                grep " = \\\"xfce4\\\"\$"
                                2⤵
                                  PID:1448
                                • /usr/bin/xprop
                                  xprop -root _DT_SAVE_MODE
                                  2⤵
                                    PID:1447
                                  • /usr/bin/grep
                                    grep -i "^xfce_desktop_window"
                                    2⤵
                                      PID:1450
                                    • /usr/bin/xprop
                                      xprop -root
                                      2⤵
                                        PID:1449
                                      • /usr/bin/grep
                                        grep -q "^Enlightenment"
                                        2⤵
                                          PID:1452
                                        • /usr/bin/uname
                                          uname
                                          2⤵
                                            PID:1453
                                          • /usr/bin/grep
                                            grep -q "^file://"
                                            2⤵
                                              PID:1455
                                            • /usr/bin/egrep
                                              egrep -q "^[[:alpha:]+\\.\\-]+:"
                                              2⤵
                                                PID:1457
                                              • /usr/local/sbin/grep
                                                grep -E -q "^[[:alpha:]+\\.\\-]+:"
                                                2⤵
                                                  PID:1457
                                                • /usr/local/bin/grep
                                                  grep -E -q "^[[:alpha:]+\\.\\-]+:"
                                                  2⤵
                                                    PID:1457
                                                  • /usr/sbin/grep
                                                    grep -E -q "^[[:alpha:]+\\.\\-]+:"
                                                    2⤵
                                                      PID:1457
                                                    • /usr/bin/grep
                                                      grep -E -q "^[[:alpha:]+\\.\\-]+:"
                                                      2⤵
                                                        PID:1457
                                                      • /usr/bin/sed
                                                        sed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"
                                                        2⤵
                                                          PID:1460
                                                        • /usr/bin/xdg-mime
                                                          xdg-mime query default x-scheme-handler/https
                                                          2⤵
                                                            PID:1461
                                                            • /usr/bin/dbus-send
                                                              dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
                                                              3⤵
                                                              • Reads runtime system information
                                                              PID:1462
                                                              • /usr/bin/dbus-launch
                                                                dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr
                                                                4⤵
                                                                  PID:1463
                                                              • /usr/bin/grep
                                                                grep " = \\\"xfce4\\\"\$"
                                                                3⤵
                                                                  PID:1465
                                                                • /usr/bin/xprop
                                                                  xprop -root _DT_SAVE_MODE
                                                                  3⤵
                                                                    PID:1464
                                                                  • /usr/bin/grep
                                                                    grep -i "^xfce_desktop_window"
                                                                    3⤵
                                                                      PID:1467
                                                                    • /usr/bin/xprop
                                                                      xprop -root
                                                                      3⤵
                                                                        PID:1466
                                                                      • /usr/bin/grep
                                                                        grep -q "^Enlightenment"
                                                                        3⤵
                                                                          PID:1469
                                                                        • /usr/bin/uname
                                                                          uname
                                                                          3⤵
                                                                            PID:1470
                                                                          • /usr/bin/sed
                                                                            sed "s/:/ /g"
                                                                            3⤵
                                                                              PID:1473
                                                                            • /usr/bin/cut
                                                                              cut -d ";" -f 1
                                                                              3⤵
                                                                                PID:1478
                                                                              • /usr/bin/cut
                                                                                cut -d "=" -f 2
                                                                                3⤵
                                                                                  PID:1477
                                                                                • /usr/bin/head
                                                                                  head -n 1
                                                                                  3⤵
                                                                                    PID:1476
                                                                                  • /usr/bin/grep
                                                                                    grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
                                                                                    3⤵
                                                                                      PID:1475
                                                                                    • /usr/bin/cut
                                                                                      cut -d ";" -f 1
                                                                                      3⤵
                                                                                        PID:1483
                                                                                      • /usr/bin/cut
                                                                                        cut -d "=" -f 2
                                                                                        3⤵
                                                                                          PID:1482
                                                                                        • /usr/bin/head
                                                                                          head -n 1
                                                                                          3⤵
                                                                                            PID:1481
                                                                                          • /usr/bin/grep
                                                                                            grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
                                                                                            3⤵
                                                                                              PID:1480
                                                                                            • /usr/bin/cut
                                                                                              cut -d ";" -f 1
                                                                                              3⤵
                                                                                                PID:1488
                                                                                              • /usr/bin/cut
                                                                                                cut -d "=" -f 2
                                                                                                3⤵
                                                                                                  PID:1487
                                                                                                • /usr/bin/head
                                                                                                  head -n 1
                                                                                                  3⤵
                                                                                                    PID:1486
                                                                                                  • /usr/bin/grep
                                                                                                    grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
                                                                                                    3⤵
                                                                                                      PID:1485
                                                                                                    • /usr/bin/cut
                                                                                                      cut -d ";" -f 1
                                                                                                      3⤵
                                                                                                        PID:1493
                                                                                                      • /usr/bin/cut
                                                                                                        cut -d "=" -f 2
                                                                                                        3⤵
                                                                                                          PID:1492
                                                                                                        • /usr/bin/head
                                                                                                          head -n 1
                                                                                                          3⤵
                                                                                                            PID:1491
                                                                                                          • /usr/bin/grep
                                                                                                            grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
                                                                                                            3⤵
                                                                                                              PID:1490
                                                                                                            • /usr/bin/cut
                                                                                                              cut -d ";" -f 1
                                                                                                              3⤵
                                                                                                                PID:1498
                                                                                                              • /usr/bin/cut
                                                                                                                cut -d "=" -f 2
                                                                                                                3⤵
                                                                                                                  PID:1497
                                                                                                                • /usr/bin/head
                                                                                                                  head -n 1
                                                                                                                  3⤵
                                                                                                                    PID:1496
                                                                                                                  • /usr/bin/grep
                                                                                                                    grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
                                                                                                                    3⤵
                                                                                                                      PID:1495
                                                                                                                  • /usr/bin/sed
                                                                                                                    sed "s/:/ /g"
                                                                                                                    2⤵
                                                                                                                      PID:1501
                                                                                                                    • /usr/bin/sed
                                                                                                                      sed -e "s|-|/|"
                                                                                                                      2⤵
                                                                                                                      • Reads runtime system information
                                                                                                                      PID:1504
                                                                                                                    • /usr/bin/sed
                                                                                                                      sed -e "s|-|/|"
                                                                                                                      2⤵
                                                                                                                        PID:1507
                                                                                                                      • /usr/bin/cut
                                                                                                                        cut "-d=" -f 2-
                                                                                                                        2⤵
                                                                                                                          PID:1512
                                                                                                                        • /usr/bin/which
                                                                                                                          which firefox
                                                                                                                          2⤵
                                                                                                                            PID:1513
                                                                                                                          • /usr/bin/cut
                                                                                                                            cut "-d=" -f 2-
                                                                                                                            2⤵
                                                                                                                              PID:1516
                                                                                                                            • /usr/bin/cut
                                                                                                                              cut "-d=" -f 2-
                                                                                                                              2⤵
                                                                                                                                PID:1519
                                                                                                                              • /usr/bin/cut
                                                                                                                                cut "-d=" -f 2-
                                                                                                                                2⤵
                                                                                                                                  PID:1524
                                                                                                                                • /usr/bin/firefox
                                                                                                                                  /usr/bin/firefox "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
                                                                                                                                  2⤵
                                                                                                                                    PID:1525
                                                                                                                                    • /usr/bin/which
                                                                                                                                      which /usr/bin/firefox
                                                                                                                                      3⤵
                                                                                                                                        PID:1526
                                                                                                                                    • /usr/lib/firefox/firefox
                                                                                                                                      /usr/lib/firefox/firefox "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
                                                                                                                                      2⤵
                                                                                                                                      • Checks CPU configuration
                                                                                                                                      • Reads CPU attributes
                                                                                                                                      • Enumerates kernel/hardware configuration
                                                                                                                                      • Reads runtime system information
                                                                                                                                      • Writes file to tmp directory
                                                                                                                                      PID:1525
                                                                                                                                      • /usr/local/sbin/dbus-launch
                                                                                                                                        dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                        3⤵
                                                                                                                                          PID:1533
                                                                                                                                        • /usr/local/bin/dbus-launch
                                                                                                                                          dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                          3⤵
                                                                                                                                            PID:1533
                                                                                                                                          • /usr/sbin/dbus-launch
                                                                                                                                            dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                            3⤵
                                                                                                                                              PID:1533
                                                                                                                                            • /usr/bin/dbus-launch
                                                                                                                                              dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                              3⤵
                                                                                                                                                PID:1533
                                                                                                                                              • /usr/lib/firefox/glxtest
                                                                                                                                                /usr/lib/firefox/glxtest -f 13
                                                                                                                                                3⤵
                                                                                                                                                • Enumerates kernel/hardware configuration
                                                                                                                                                PID:1536
                                                                                                                                              • /usr/bin/lsb_release
                                                                                                                                                /usr/bin/lsb_release -idrc
                                                                                                                                                3⤵
                                                                                                                                                  PID:1548
                                                                                                                                                • /usr/local/sbin/dbus-launch
                                                                                                                                                  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                  3⤵
                                                                                                                                                    PID:1558
                                                                                                                                                  • /usr/local/bin/dbus-launch
                                                                                                                                                    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                    3⤵
                                                                                                                                                      PID:1558
                                                                                                                                                    • /usr/sbin/dbus-launch
                                                                                                                                                      dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                      3⤵
                                                                                                                                                        PID:1558
                                                                                                                                                      • /usr/bin/dbus-launch
                                                                                                                                                        dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                        3⤵
                                                                                                                                                          PID:1558
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 21691 -prefMapSize 235269 -appDir /usr/lib/firefox/browser "{2a1e96c6-41f3-4da9-96ce-1cb2082646f6}" 1525 true socket
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          PID:1570
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20430 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{d57bfe31-1986-4fac-bb57-1e3ab90ed351}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:1657
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28531 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{91788693-32f4-4cfc-bffb-9655f74fa349}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:1704
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29281 -prefMapSize 235269 -appDir /usr/lib/firefox/browser "{3339aa4f-50fe-441e-9876-cbfc1e9a4f31}" 1525 true utility
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          PID:1734
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25441 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{8ee7665d-9a58-4f99-8176-bb1e94095f4f}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                          PID:1736
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25441 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{dbb4c507-37e1-4eb7-a2f2-264c6dac67b3}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          PID:1755
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25441 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{a722d645-f724-45af-8759-4182de9962e5}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          PID:1759
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 28747 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{10b3958d-3b4c-49ab-953c-cbadf1457da3}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                          PID:1886
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 33312 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{1786c07b-39fc-48b7-b2a3-27fcdd98663b}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:1912
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 28747 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{ec9acea2-6f63-4bb5-bbf0-633248e67d0f}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:1996
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 28747 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{ed0fa4b3-ce62-42e8-b227-6b69a6b00959}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:2018
                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 28747 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{52cb6e74-d8f8-48fc-9ffb-9c5b60217817}" 1525 true tab
                                                                                                                                                          3⤵
                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:2022
                                                                                                                                                        • /usr/bin/speech-dispatcher
                                                                                                                                                          /usr/bin/speech-dispatcher --spawn --communication-method unix_socket --socket-path /root/.cache/speech-dispatcher/speechd.sock
                                                                                                                                                          3⤵
                                                                                                                                                            PID:2055
                                                                                                                                                            • /bin/sh
                                                                                                                                                              sh -c "type espeak > /dev/null 2>&1"
                                                                                                                                                              4⤵
                                                                                                                                                                PID:2056
                                                                                                                                                              • /bin/sh
                                                                                                                                                                sh -c "type mbrola > /dev/null 2>&1"
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:2057
                                                                                                                                                                • /bin/sh
                                                                                                                                                                  sh -c "type espeak > /dev/null 2>&1"
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:2058
                                                                                                                                                                  • /bin/sh
                                                                                                                                                                    sh -c "type espeak-ng > /dev/null 2>&1"
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:2059
                                                                                                                                                                    • /bin/sh
                                                                                                                                                                      sh -c "type mbrola > /dev/null 2>&1"
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:2060
                                                                                                                                                                      • /bin/sh
                                                                                                                                                                        sh -c "type curl > /dev/null 2>&1"
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:2061
                                                                                                                                                                        • /bin/sh
                                                                                                                                                                          sh -c "type epos-say > /dev/null 2>&1"
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:2062
                                                                                                                                                                          • /bin/sh
                                                                                                                                                                            sh -c "type say > /dev/null 2>&1"
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:2063
                                                                                                                                                                            • /bin/sh
                                                                                                                                                                              sh -c "type pico2wave > /dev/null 2>&1"
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:2064
                                                                                                                                                                              • /bin/sh
                                                                                                                                                                                sh -c "type llia_phon > /dev/null 2>&1"
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:2065
                                                                                                                                                                                • /bin/sh
                                                                                                                                                                                  sh -c "type mbrola > /dev/null 2>&1"
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:2066
                                                                                                                                                                                  • /bin/sh
                                                                                                                                                                                    sh -c "type /opt/swift/bin/swift > /dev/null 2>&1"
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:2067
                                                                                                                                                                                    • /usr/lib/speech-dispatcher-modules/sd_espeak-ng
                                                                                                                                                                                      /usr/lib/speech-dispatcher-modules/sd_espeak-ng /etc/speech-dispatcher/modules/espeak-ng.conf
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:2068
                                                                                                                                                                                      • /usr/lib/speech-dispatcher-modules/sd_generic
                                                                                                                                                                                        /usr/lib/speech-dispatcher-modules/sd_generic /etc/speech-dispatcher/modules/mary-generic.conf
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:2073
                                                                                                                                                                                        • /usr/lib/speech-dispatcher-modules/sd_dummy
                                                                                                                                                                                          /usr/lib/speech-dispatcher-modules/sd_dummy /etc/speech-dispatcher/modules/dummy.conf
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:2075
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 11 -isForBrowser -prefsLen 28800 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{95e0afbe-7f7f-4bc6-85cf-4fa80ddc9c12}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                          PID:2080
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 12 -isForBrowser -prefsLen 28800 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{0cce2251-337b-44c4-a670-f461729e155e}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          PID:2108
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 13 -isForBrowser -prefsLen 28800 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{76891728-1477-4ec2-8edf-e910cbaca6b7}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                          PID:2127
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 14 -isForBrowser -prefsLen 28800 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{fa44cbfd-0e4a-4e66-8e14-0ffd6343f0e5}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                          PID:2147
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 15 -isForBrowser -prefsLen 28800 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{5bc0f774-c452-4489-88f1-ee0a8e8ce408}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          PID:2168
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 16 -isForBrowser -prefsLen 29106 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{98c6281b-5961-4f70-8f58-9d1a492d2b13}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                          PID:2269
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 17 -isForBrowser -prefsLen 34226 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{f5f1b6ac-d3f2-4e6b-bbe8-d26dc351ed75}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                          PID:2297
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 18 -isForBrowser -prefsLen 29337 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{477d5567-d66a-4f30-88a5-fd89a9ddc58f}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                          PID:2317
                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 19 -isForBrowser -prefsLen 35005 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{cd3aaa7d-d420-400a-af9e-795eefebb422}" 1525 true tab
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                          PID:2393
                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                        grep -q "%s"
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:2479
                                                                                                                                                                                        • /usr/bin/x-www-browser
                                                                                                                                                                                          x-www-browser "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:2480
                                                                                                                                                                                            • /usr/bin/which
                                                                                                                                                                                              which /usr/bin/x-www-browser
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:2481
                                                                                                                                                                                            • /usr/lib/firefox/firefox
                                                                                                                                                                                              /usr/lib/firefox/firefox "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
                                                                                                                                                                                              2⤵
                                                                                                                                                                                              • Checks CPU configuration
                                                                                                                                                                                              • Reads CPU attributes
                                                                                                                                                                                              • Enumerates kernel/hardware configuration
                                                                                                                                                                                              • Reads runtime system information
                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                              PID:2480
                                                                                                                                                                                              • /usr/local/sbin/dbus-launch
                                                                                                                                                                                                dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:2485
                                                                                                                                                                                                • /usr/local/bin/dbus-launch
                                                                                                                                                                                                  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:2485
                                                                                                                                                                                                  • /usr/sbin/dbus-launch
                                                                                                                                                                                                    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:2485
                                                                                                                                                                                                    • /usr/bin/dbus-launch
                                                                                                                                                                                                      dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:2485
                                                                                                                                                                                                      • /usr/lib/firefox/glxtest
                                                                                                                                                                                                        /usr/lib/firefox/glxtest -f 13
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                        • Enumerates kernel/hardware configuration
                                                                                                                                                                                                        PID:2488
                                                                                                                                                                                                      • /usr/bin/lsb_release
                                                                                                                                                                                                        /usr/bin/lsb_release -idrc
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                          PID:2500
                                                                                                                                                                                                        • /usr/local/sbin/dbus-launch
                                                                                                                                                                                                          dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                            PID:2524
                                                                                                                                                                                                          • /usr/local/bin/dbus-launch
                                                                                                                                                                                                            dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                              PID:2524
                                                                                                                                                                                                            • /usr/sbin/dbus-launch
                                                                                                                                                                                                              dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:2524
                                                                                                                                                                                                              • /usr/bin/dbus-launch
                                                                                                                                                                                                                dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                  PID:2524
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 29296 -prefMapSize 236978 -appDir /usr/lib/firefox/browser "{c73a29ad-5b6a-4b1b-857d-383f2fafdaff}" 2480 true socket
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                  PID:2537
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 23582 -prefMapSize 236978 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{2612924a-de9e-431f-9f98-65e99eeaf5c5}" 2480 true tab
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                  PID:2555
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 33782 -prefMapSize 236978 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{b564b502-cb14-4097-8efc-37d094b7c156}" 2480 true tab
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                  PID:2617
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 27928 -prefMapSize 236978 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{f2b959a9-33f2-4211-9784-9d2cd92a3b12}" 2480 true tab
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                  PID:2652
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 33782 -prefMapSize 236978 -appDir /usr/lib/firefox/browser "{37446a57-dcd3-4618-9e3b-6fb1c0f52a70}" 2480 true utility
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  PID:2682
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 33782 -prefMapSize 236978 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{2b205403-089d-42f6-aa98-b464f870b62f}" 2480 true tab
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                  PID:2698
                                                                                                                                                                                                                • /usr/lib/firefox/firefox
                                                                                                                                                                                                                  /usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27928 -prefMapSize 236978 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{0d35643a-5b15-4281-b2a2-3596269cc2d1}" 2480 true tab
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                  PID:2717
                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                grep -q "%s"
                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                  PID:3140
                                                                                                                                                                                                                • /usr/bin/firefox
                                                                                                                                                                                                                  firefox "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:3141
                                                                                                                                                                                                                    • /usr/bin/which
                                                                                                                                                                                                                      which /usr/bin/firefox
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:3142
                                                                                                                                                                                                                    • /usr/lib/firefox/firefox
                                                                                                                                                                                                                      /usr/lib/firefox/firefox "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0VDMkljcTZHckRVNEQ4UU1mVlhrYmZ4aWNHQXxBQ3Jtc0tuZmNUemprdjVXbFpqZlhVakFVeWtsd0xUelNmQ0xmX3NQSGFrbnU0b0EtWUNQcFd3UG43cm9nT3RHdVhLYUVGZkQzU0FCZ2xGTkg4MTA2UXZSWERZdjlIaTVvZ2NkNnh2eEtPcW5VNnJrenRRTjBGWQ&q=https%3A%2F%2Fgo.enderman.ch%2Fmalware-generator&v=GiixWxddP_M"
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                      • Checks CPU configuration
                                                                                                                                                                                                                      • Reads CPU attributes
                                                                                                                                                                                                                      • Reads runtime system information
                                                                                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                                                                                      PID:3141
                                                                                                                                                                                                                      • /usr/local/sbin/dbus-launch
                                                                                                                                                                                                                        dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:3146
                                                                                                                                                                                                                        • /usr/local/bin/dbus-launch
                                                                                                                                                                                                                          dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                            PID:3146
                                                                                                                                                                                                                          • /usr/sbin/dbus-launch
                                                                                                                                                                                                                            dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                              PID:3146
                                                                                                                                                                                                                            • /usr/bin/dbus-launch
                                                                                                                                                                                                                              dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                PID:3146
                                                                                                                                                                                                                              • /usr/lib/firefox/glxtest
                                                                                                                                                                                                                                /usr/lib/firefox/glxtest -f 14
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                • Reads runtime system information
                                                                                                                                                                                                                                PID:3149
                                                                                                                                                                                                                              • /usr/bin/lsb_release
                                                                                                                                                                                                                                /usr/bin/lsb_release -idrc
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:3162
                                                                                                                                                                                                                                • /usr/local/sbin/dbus-launch
                                                                                                                                                                                                                                  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:3171
                                                                                                                                                                                                                                  • /usr/local/bin/dbus-launch
                                                                                                                                                                                                                                    dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:3171
                                                                                                                                                                                                                                    • /usr/sbin/dbus-launch
                                                                                                                                                                                                                                      dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                        PID:3171
                                                                                                                                                                                                                                      • /usr/bin/dbus-launch
                                                                                                                                                                                                                                        dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                          PID:3171
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 29529 -prefMapSize 237210 -appDir /usr/lib/firefox/browser "{4757a958-e596-4992-bb90-725229c0e03d}" 3141 true socket
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3183
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 23582 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{5bfa030a-4e26-420a-bc05-e94bc7a6981a}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3196
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 34126 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{c6461166-30bf-427f-a616-143997d4cb17}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3268
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 34126 -prefMapSize 237210 -appDir /usr/lib/firefox/browser "{6c72d512-05e9-4a38-9f03-6936e66e2a88}" 3141 true utility
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3307
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 27981 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{78afa405-9321-4c47-92a2-92da7d7c77b2}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                          PID:3310
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27981 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{0800b994-c9c1-4a15-8506-e447229c6058}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3319
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27981 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{699100d8-53ac-4bef-8925-850efaed89df}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          PID:3329
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 34126 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{a29732e0-9e22-44e3-8eaa-beb22e03afc0}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                          PID:3383
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 28196 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{4bef6738-2dc5-461d-a453-4bb4fef3df74}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3471
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 28284 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{1a34fa16-bc06-4150-888c-d8f669839e8c}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          PID:3543
                                                                                                                                                                                                                                        • /usr/lib/firefox/firefox
                                                                                                                                                                                                                                          /usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 28284 -prefMapSize 237210 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{2dd8ec57-4b5d-478b-b7eb-e1aa8827341f}" 3141 true tab
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                          • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                          PID:3604
                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                        grep -q "%s"
                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                          PID:3631
                                                                                                                                                                                                                                        • /usr/bin/grep
                                                                                                                                                                                                                                          grep -q "%s"
                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                            PID:3636
                                                                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                                                                            grep -q "%s"
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:3638
                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                              grep -q "%s"
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                PID:3642
                                                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                                                grep -q "%s"
                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                  PID:3644
                                                                                                                                                                                                                                                • /usr/bin/grep
                                                                                                                                                                                                                                                  grep -q "%s"
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                    PID:3646
                                                                                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                                                                                    grep -q "%s"
                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                      PID:3648
                                                                                                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                                                                                                      grep -q "%s"
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                        PID:3650
                                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                                        grep -q "%s"
                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                          PID:3652
                                                                                                                                                                                                                                                        • /usr/bin/grep
                                                                                                                                                                                                                                                          grep -q "%s"
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                            PID:3654
                                                                                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                                                                                            grep -q "%s"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                              PID:3656
                                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                                              grep -q "%s"
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                PID:3658
                                                                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                                                                grep -q "%s"
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:3660
                                                                                                                                                                                                                                                                • /usr/bin/grep
                                                                                                                                                                                                                                                                  grep -q "%s"
                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                    PID:3662
                                                                                                                                                                                                                                                                • /usr/libexec/gvfsd-fuse
                                                                                                                                                                                                                                                                  /usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:1602

                                                                                                                                                                                                                                                                  Network

                                                                                                                                                                                                                                                                  MITRE ATT&CK Matrix ATT&CK v13

                                                                                                                                                                                                                                                                  Defense Evasion
                                                                                                                                                                                                                                                                  • Virtualization/Sandbox Evasion  1  T1497

                                                                                                                                                                                                                                                                  Discovery
                                                                                                                                                                                                                                                                  • Virtualization/Sandbox Evasion  1  T1497
                                                                                                                                                                                                                                                                  • System Information Discovery  2  T1082

                                                                                                                                                                                                                                                                  Command and Control
                                                                                                                                                                                                                                                                  • Web Service  1  T1102

                                                                                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                                                                                  • /root/.cache/speech-dispatcher/log/dummy.log
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    129B


                                                                                                                                                                                                                                                                  • /root/.cache/speech-dispatcher/log/espeak-ng.log
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    52B


                                                                                                                                                                                                                                                                  • /root/.cache/speech-dispatcher/log/mary-generic.log
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    151B


                                                                                                                                                                                                                                                                  • /root/.cache/speech-dispatcher/log/speech-dispatcher.log
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    3KB


                                                                                                                                                                                                                                                                  • /root/.cache/speech-dispatcher/pid/speech-dispatcher.pid
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    5B


                                                                                                                                                                                                                                                                  • /tmp/tmp-2by.xpi
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    3.3MB


                                                                                                                                                                                                                                                                  • /tmp/tmp-afk.xpi
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    15KB


                                                                                                                                                                                                                                                                  • /tmp/tmp-epz.xpi
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    424KB


                                                                                                                                                                                                                                                                  • /tmp/tmp-ezm.xpi
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    826KB


                                                                                                                                                                                                                                                                  • /tmp/tmp-gme.xpi
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    453KB


• /tmp/tmp-kbm.xpi
  Filesize: 1.1MB

• /tmp/tmp-kzz.xpi
  Filesize: 36.6MB

• /tmp/tmp-pm3.xpi
  Filesize: 110KB

• /tmp/tmp-uqk.xpi
  Filesize: 7.4MB

• /tmp/tmp-xad.xpi
  Filesize: 197KB

• /tmp/tmp-xmx.xpi
  Filesize: 37KB

• /tmp/tmpaddon
  Filesize: 569KB
