Create Interactive Tour

Analysis Report http://www.tm.a.prd.aadg.akadns.net

Overview

General Information

Sample URL:	http://www.tm.a.prd.aadg.akadns.net
Analysis ID:	332080
Most interesting Screenshot:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false

Signatures

Creates hidden files and/or directories

Queries the installed Ubuntu/CentOS release

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Classification

Startup

system is lnxubuntu1

exo-open (PID: 4624, Parent: 4549, MD5: 39c5fa78f1cb3d950b9944f784018d3a) Arguments: exo-open http://www.tm.a.prd.aadg.akadns.net

exo-open New Fork (PID: 4633, Parent: 4624)

exo-open New Fork (PID: 4634, Parent: 4633)

exo-helper-1 (PID: 4634, Parent: 3310, MD5: c27a648e34ba5ce625d064af015be147) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://www.tm.a.prd.aadg.akadns.net

exo-helper-1 New Fork (PID: 4643, Parent: 4634)

sensible-browser (PID: 4643, Parent: 4634, MD5: a5909f49ad9c97574d2b4c49cc24905d) Arguments: /bin/sh /usr/bin/sensible-browser http://www.tm.a.prd.aadg.akadns.net

x-www-browser (PID: 4643, Parent: 4634, MD5: 42b33a4578e4a51d8a5d1010c466a9d7) Arguments: /bin/sh /usr/bin/x-www-browser http://www.tm.a.prd.aadg.akadns.net

x-www-browser New Fork (PID: 4644, Parent: 4643)

which (PID: 4644, Parent: 4643, MD5: e942f154ef9d9974366551d2d231d936) Arguments: /bin/sh /usr/bin/which /usr/bin/x-www-browser

firefox (PID: 4643, Parent: 4634, MD5: a4440256f73e7450b27eeb48d0d5f804) Arguments: /usr/lib/firefox/firefox http://www.tm.a.prd.aadg.akadns.net

firefox New Fork (PID: 4648, Parent: 4643)

firefox New Fork (PID: 4679, Parent: 4643)

firefox New Fork (PID: 4692, Parent: 4643)

dbus-launch (PID: 4692, Parent: 4643, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch f0b45546524a75b2e6e8e8a55aab94da --binary-syntax --close-stderr

firefox New Fork (PID: 4702, Parent: 4643)

lsb_release (PID: 4702, Parent: 4643, MD5: 18cba7de7bfedd0d9f027bd1c54cc2b2) Arguments: /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

firefox New Fork (PID: 4721, Parent: 4643)

dbus-launch (PID: 4721, Parent: 4643, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch=f0b45546524a75b2e6e8e8a55aab94da --binary-syntax --close-stderr

firefox New Fork (PID: 4749, Parent: 4643)

firefox (PID: 4749, Parent: 4643, MD5: a4440256f73e7450b27eeb48d0d5f804) Arguments: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -intPrefs 6:50|7:-1|19:0|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|250:4|251:1|260:2000|277:3|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|1 50:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:0|180:1|181:0|182:1|184:1|186:0|187:0|190:0|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332; \\u00A0\\u00BC\\u00BD\\u00BE\\u01C3\\u02D0\\u0337\\u0338\\u0589\\u058A\\u05C3\\u05F4\\u0609\\u060A\\u066A\\u06D4\\u0701\\u0702\\u0703\\u0704\\u115F\\u1160\\u1735\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200A\\u200B\\u200E\\u200F\\u2010\\u2019\\u2024\\u2027\\u2028\\u2029\\u202A\\u202B\\u202C\\u202D\\u202E\\u202F\\u2039\\u203A\\u2041\\u2044\\u2052\\u205F\\u2153\\u2154\\u2155\\u2156\\u2157\\u2158\\u2159\\u215A\\u215B\\u215C\\u215D\\u215E\\u215F\\u2215\\u2236\\u23AE\\u2571\\u29F6\\u29F8\\u2AFB\\u2AFD\\u2FF0\\u2FF1" -schedulerPrefs 0001,2 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4643 true tab

firefox New Fork (PID: 4805, Parent: 4643)

firefox (PID: 4805, Parent: 4643, MD5: a4440256f73e7450b27eeb48d0d5f804) Arguments: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -intPrefs 6:50|7:-1|19:0|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|250:4|251:1|260:2000|277:3|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|1 50:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:0|180:1|181:0|182:1|184:1|186:0|187:0|190:0|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332; \\u00A0\\u00BC\\u00BD\\u00BE\\u01C3\\u02D0\\u0337\\u0338\\u0589\\u058A\\u05C3\\u05F4\\u0609\\u060A\\u066A\\u06D4\\u0701\\u0702\\u0703\\u0704\\u115F\\u1160\\u1735\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200A\\u200B\\u200E\\u200F\\u2010\\u2019\\u2024\\u2027\\u2028\\u2029\\u202A\\u202B\\u202C\\u202D\\u202E\\u202F\\u2039\\u203A\\u2041\\u2044\\u2052\\u205F\\u2153\\u2154\\u2155\\u2156\\u2157\\u2158\\u2159\\u215A\\u215B\\u215C\\u215D\\u215E\\u215F\\u2215\\u2236\\u23AE\\u2571\\u29F6\\u29F8\\u2AFB\\u2AFD\\u2FF0\\u2FF1" -schedulerPrefs 0001,2 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4643 true tab

cleanup

Yara Overview

No yara matches

Signature Overview

• Networking
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: places.sqlite-wal.32.dr	String found in binary or memory: http://check.torproject.org/gro.tcejorprot.kcehc.
Source: E293DE1609300BB1B8A8CA45B3A45EB3CB38903B.32.dr	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-6c2e7008f8bbe2ff90100972f97071eb87ec37cb.zip
Source: E293DE1609300BB1B8A8CA45B3A45EB3CB38903B.32.dr	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-6c2e7008f8bbe2ff90100972f97071eb87ec37cb.zipnecko:c
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://lists.w3.org/Archives/Public/www-xml-linking-comments/2001AprJun/att-0074/01-NOTE-FIXptr-2001
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://mozilla.org/
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://segment7.net/mozilla/links/links.html
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://segment7.net/mozilla/links/links.html.
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://sub.mozilla.org/
Source: places.sqlite-wal.32.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: places.sqlite-wal.32.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/2006/addons-blocklist
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/2006/addons-blocklisti
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/2006/addons-blocklistihttp://www.mozilla.org/newlayout/xml/parsererror.xmlcch
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul/
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul/customizableui-special-;browser.uiCust
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul;
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul;browser.uiCustomization.debug
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xmlc
Source: scriptCache-new.bin.32.dr	String found in binary or memory: http://www.openh264.org/
Source: recovery.jsonlz4.tmp.32.dr, 2B498AE400A03BFFA597CE5FBDFFC3C2728885A0.32.dr, 4710CE71E693FA7973F1CCBD0ECCF13C7EA4B4D2.32.dr	String found in binary or memory: http://www.tm.a.prd.aadg.akadns.net/
Source: 01B7F78F63B56F8645F1C2139AEC515BBA8005CB.32.dr	String found in binary or memory: http://www.tm.a.prd.aadg.akadns.net/favicon.ico
Source: 01B7F78F63B56F8645F1C2139AEC515BBA8005CB.32.dr	String found in binary or memory: http://www.tm.a.prd.aadg.akadns.net/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.
Source: 2B498AE400A03BFFA597CE5FBDFFC3C2728885A0.32.dr	String found in binary or memory: http://www.tm.a.prd.aadg.akadns.net/necko:classified1strongly-framed1request-methodGETresponse-headH
Source: 4710CE71E693FA7973F1CCBD0ECCF13C7EA4B4D2.32.dr	String found in binary or memory: http://www.tm.a.prd.aadg.akadns.net/predictor::seen1
Source: places.sqlite-wal.32.dr	String found in binary or memory: http://www.tm.a.prd.aadg.akadns.net/ten.sndaka.gdaa.drp.a.mt.www.
Source: places.sqlite-wal.32.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1083410
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1100294
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1172586
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1243643
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1378770#c6
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://developer.mozilla.org/docs/JavaScript_OS.File
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/_
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://discovery.addons-dev.allizom.org
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://discovery.addons.allizom.orgQ
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://discovery.addons.mozilla.org
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/c61f5f5ead48c78a80c80db5c489bdc7cfaf8175
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1O
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1Oextensions.shield-recipe-client.api_urlQextensions.shield-re
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://screenshots.firefox.com/
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://screenshots.firefox.com/#tour
Source: 7D0DF88A5F52C22C222EA72EA1AC18B62CF57B56.32.dr	String found in binary or memory: https://search.services.mozilla.com/1/firefox/59.0/release-cck-ubuntu/en-US/CH/canonical/1.0
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shielde
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldeextensions.shield-recipe-client
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://support.mozilla.org/kb/flash-protected-mode-autodisabled
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://support.mozilla.org/kb/reset-firefox-easily-fix-most-problems
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://www.antiphishing.org//
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://www.google.com/about/unwanted-software-policy.html
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://www.google.com/policies/privacy/3
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://www.google.com/policies/privacy/3https://www.widevine.com/
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/59.0/firstrun/Welcome
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/customize/gro.allizom.www.
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/media/img/firefox/template/page-image.4b108ed0b8d8.png
Source: places.sqlite-wal.32.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: scriptCache-child-new.bin.32.dr	String found in binary or memory: https://www.stopbadware.org/firefox
Source: scriptCache-new.bin.32.dr	String found in binary or memory: https://www.widevine.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35936
Source: unknown	Network traffic detected: HTTP traffic on port 35936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45524

Source: classification engine

Classification label: clean2.lin@0/68@0/0

Source: /usr/bin/exo-open (PID: 4624)	Directory: /home/user/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4634)	Directory: /home/user/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4634)	Directory: /home/user/.local
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4634)	Directory: /home/user/.config
Source: /usr/lib/firefox/firefox (PID: 4643)	Directory: /home/user/.cache

Source: /usr/lib/firefox/firefox (PID: 4643)

File written: /home/user/.mozilla/firefox/v9nzj3nw.default/gmp-gmpopenh264/1.7.1/libgmpopenh264.so.tmp

Jump to dropped file

Source: /usr/bin/exo-open (PID: 4624)	Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4634)	Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 4643)	Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 4679)	Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 4692)	Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 4721)	Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 4749)	Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 4805)	Queries kernel information via 'uname':

Source: tmpaddon.32.dr

Binary or memory string: hgFsR

Source: /usr/lib/firefox/firefox (PID: 4702)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Hidden Files and Directories1	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.tm.a.prd.aadg.akadns.net	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://discovery.addons.allizom.orgQ	0%	Avira URL Cloud	safe
https://discovery.addons-dev.allizom.org	0%	Avira URL Cloud	safe
http://segment7.net/mozilla/links/links.html	0%	Avira URL Cloud	safe
http://segment7.net/mozilla/links/links.html.	0%	Avira URL Cloud	safe
https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org	0%	Avira URL Cloud	safe
https://www.antiphishing.org//	0%	Avira URL Cloud	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	unknown
locprod2-elb-us-west-2.prod.mozaws.net	44.237.173.75	true	false	high
search.r53-2.services.mozilla.com	34.213.158.239	true	false	high
pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com	54.201.107.8	true	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://discovery.addons.allizom.orgQ	scriptCache-new.bin.32.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	scriptCache-child-new.bin.32.dr	false		high
http://mozilla.org/	scriptCache-child-new.bin.32.dr	false		high
https://normandy.cdn.mozilla.net/api/v1Oextensions.shield-recipe-client.api_urlQextensions.shield-re	scriptCache-new.bin.32.dr	false		high
https://screenshots.firefox.com/	scriptCache-new.bin.32.dr	false		high
https://hg.mozilla.org/releases/mozilla-release/rev/c61f5f5ead48c78a80c80db5c489bdc7cfaf8175	scriptCache-new.bin.32.dr	false		high
http://www.debian.org/gro.naibed.www.	places.sqlite-wal.32.dr	false		high
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.	places.sqlite-wal.32.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1083410	scriptCache-child-new.bin.32.dr	false		high
https://www.widevine.com/	scriptCache-new.bin.32.dr	false		high
https://screenshots.firefox.com/#tour	scriptCache-child-new.bin.32.dr	false		high
http://wiki.ubuntu.com/moc.utnubu.ikiw.	places.sqlite-wal.32.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1172586	scriptCache-child-new.bin.32.dr	false		high
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes	scriptCache-new.bin.32.dr	false		high
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/_	scriptCache-new.bin.32.dr	false		high
https://support.mozilla.org/kb/reset-firefox-easily-fix-most-problems	scriptCache-new.bin.32.dr	false		high
https://discovery.addons-dev.allizom.org	scriptCache-new.bin.32.dr	false	Avira URL Cloud: safe	unknown
https://answers.launchpad.net/ubuntu/	places.sqlite-wal.32.dr	false		high
http://mozilla.org/MPL/2.0/.	scriptCache-child-new.bin.32.dr	false		high
http://www.ubuntu.com/moc.utnubu.www.	places.sqlite-wal.32.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1238180	scriptCache-new.bin.32.dr	false		high
http://segment7.net/mozilla/links/links.html	scriptCache-child-new.bin.32.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1243643	scriptCache-new.bin.32.dr	false		high
http://sub.mozilla.org/	scriptCache-child-new.bin.32.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1100294	scriptCache-new.bin.32.dr	false		high
https://developer.mozilla.org/docs/JavaScript_OS.File	scriptCache-new.bin.32.dr	false		high
http://www.openh264.org/	scriptCache-new.bin.32.dr	false		high
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/	scriptCache-new.bin.32.dr	false		high
http://segment7.net/mozilla/links/links.html.	scriptCache-child-new.bin.32.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/flash-protected-mode-autodisabled	scriptCache-new.bin.32.dr	false		high
https://discovery.addons.mozilla.org	scriptCache-new.bin.32.dr	false		high
https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org	scriptCache-new.bin.32.dr	false	Avira URL Cloud: safe	unknown
https://www.antiphishing.org//	scriptCache-child-new.bin.32.dr	false	Avira URL Cloud: safe	unknown
http://check.torproject.org/gro.tcejorprot.kcehc.	places.sqlite-wal.32.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1378770#c6	scriptCache-child-new.bin.32.dr	false		high
https://normandy.cdn.mozilla.net/api/v1O	scriptCache-new.bin.32.dr	false		high
https://www.stopbadware.org/firefox	scriptCache-child-new.bin.32.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
34.213.158.239	unknown	United States	16509	AMAZON-02US	false
35.244.181.201	unknown	United States	15169	GOOGLEUS	false
44.237.173.75	unknown	United States	16509	AMAZON-02US	false
54.201.107.8	unknown	United States	16509	AMAZON-02US	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	332080
Start date:	18.12.2020
Start time:	08:25:20
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.tm.a.prd.aadg.akadns.net
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection:	CLEAN
Classification:	clean2.lin@0/68@0/0
Warnings:	Show All Excluded IPs from analysis (whitelisted): 40.126.1.135, 40.126.1.139, 20.190.129.16, 20.190.129.134, 40.126.1.165, 40.126.1.167, 20.190.129.23, 40.126.1.144, 65.9.68.19, 65.9.68.38, 65.9.68.129, 65.9.68.51, 23.55.161.185, 23.55.161.211 Excluded domains from analysis (whitelisted): a19.dscg10.akamai.net, ciscobinary.openh264.org, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, www.tm.a.prd.aadg.akadns.net, aus5.mozilla.org, search.services.mozilla.com, location.services.mozilla.com, activity-stream-icons.services.mozilla.com VT rate limit hit for: http://www.tm.a.prd.aadg.akadns.net

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/home/user/.cache/dconf/user Download File
Process:	/usr/lib/firefox/firefox
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	93B885ADFE0DA089CDF634904FD59F71
SHA1:	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:	B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:	false
Reputation:	low
Preview:	.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/activity-stream.tippytop.json.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	96113
Entropy (8bit):	5.0756665025116785
Encrypted:	false
SSDEEP:	1536:kXDomowJN7k+wUXZKZAlc+getRnEC0spZ8WFoDDEOvhtff0+cq+8B5VLJP3qXZdM:kTcUEH2kbH
MD5:	875EFA80007DE94BEC47BC0FEDB1BA32
SHA1:	D9B57155A49CF6C3DE8DF540475BAAD65E553EB8
SHA-256:	0EB76B11EDE606B12756AF141C0042B3ED5279AC397CC16D092120A5931CEC2A
SHA-512:	22C6D79E76D6358F645799F1DA16FF87F42377B3EB68C0FE583B01F0A6C09481641686F2C42C0ECC1E96B3A97191DA355B94942CF473729BE5E940CB4F303DA7
Malicious:	false
Reputation:	low
Preview:	{"sites":{"01net.com":{"image_url":"https://static.bfmtv.com/ressources/favicon/site01net/apple-touch-icon-144x144.png"},"104.com.tw":{"image_url":"https://static.104.com.tw/logo/104logo_o_152x152_appletouchicon.png"},"1111.com.tw":{"image_url":"https://www.1111.com.tw/1111app/images/1111-job-1.png"},"123rf.com":{"image_url":"https://static-cdn.123rf.com/images/faviconBig.png"},"1688.com":{"image_url":"http://m.1688.com/144px.png"},"17173.com":{"image_url":"http://ue1.17173cdn.com/a/www/index/2015/m/img/touch-icon-120x120.png"},"17track.net":{"image_url":"http://res.17track.net/global-v2/imgs/oauth_image/apple_touch_152x152.png"},"1and1.com":{"image_url":"https://www.1and1.com/modules/frontend-elements/img/components/header/apple-touch-icon-114x114px.png"},"1tv.ru":{"image_url":"https://static.1tv.ru/assets/web/favicon/android-chrome-192x192-2414f320deff0830ead81c2d9e7da72f.png"},"20minutes.fr":{"image_url":"https://assets-v.20mn.fr/favicons/favicon-194x194.png"},"20minutos.es":{"image

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/01B7F78F63B56F8645F1C2139AEC515BBA8005CB Download File
Process:	/usr/lib/firefox/firefox
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	296
Entropy (8bit):	5.2980797705177265
Encrypted:	false
SSDEEP:	6:cvglYc4pznMLMWHC5AWlX5TxmKnD4kF7VFEqM8dt5nF7VFEqX:cvglUmHA9lX51mKn8EaG9
MD5:	FA82653E032DA802DEB855F1BC35110D
SHA1:	6FAA47A21B941517E0E9D0BB150F818F18DE673B
SHA-256:	090282D4E43CBE39C03CC6CF00DEBD591167DDE41BD80FEDD44520FCE8C63595
SHA-512:	4DAB4DC063CD20B0B87A6206B713CFD42DEFF68BD95BD83D7F0498A57474FF487D4AB6C07E2EC10B52503C7427960E5DB339ED789931971DB0DAB0E19964AE62
Malicious:	false
Reputation:	low
Preview:	..?........._.g._.g.Bs.........0....:http://www.tm.a.prd.aadg.akadns.net/favicon.ico.strongly-framed.1.request-method.GET.response-head.HTTP/1.1 400 Bad Request..Date: Fri, 18 Dec 2020 07:25:56 GMT...original-response-headers.Transfer-Encoding: chunked..Date: Fri, 18 Dec 2020 07:25:56 GMT.......

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/2B498AE400A03BFFA597CE5FBDFFC3C2728885A0 Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	361
Entropy (8bit):	5.218413047215672
Encrypted:	false
SSDEEP:	6:ueUCc4pznFK8C5AWlX5TxmKnD4kF7VFEqM8dt5nF7VFEqVQeO7WqeO7W0Jl/:FHA9lX51mKn8EaGQpLp7Jt
MD5:	4788C9C89610005963247FB661F4CC86
SHA1:	CE7A419D135888773DDF31BBB25C55DD7BBED87E
SHA-256:	94AB41715B4C17691DD7B4F06D3E4AC4528A36566EA21B148DF4976298D99EBF
SHA-512:	0B4FE074018AF6FFE2E8BCE9FE7079F93AF08F8B88AFAE065AF84E47753069FB9C3672E97165A4C2D18BD861A730785281F33F1C3749E1E23CEA4D5C75786BB4
Malicious:	false
Reputation:	low
Preview:	............_.g._.g.Br.........%....:http://www.tm.a.prd.aadg.akadns.net/.necko:classified.1.strongly-framed.1.request-method.GET.response-head.HTTP/1.1 400 Bad Request..Date: Fri, 18 Dec 2020 07:25:56 GMT...original-response-headers.Transfer-Encoding: chunked..Date: Fri, 18 Dec 2020 07:25:56 GMT...net-response-time-onstart.78.net-response-time-onstop.79.....

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/4710CE71E693FA7973F1CCBD0ECCF13C7EA4B4D2 Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.662290954617008
Encrypted:	false
SSDEEP:	3:fHY/lhlG8eWtb9vX3XDkAJS45jLzIEVcX8sX3u+llln:vY3dZlXDFc4pzndsHHl/n
MD5:	0C863E4943440440A5CE594225030FA0
SHA1:	1077DE0BFD8CA617ABE83845245F05AA9E8AEEA0
SHA-256:	24273B7FDC05C5BF655F9DCDD5B75E33D591D16755FC965DA75D94851DEEB088
SHA-512:	EACF2BB18012E6ACAC1A37A37C33D2FCE604801A13DC38F29400D4CD5FB44C72EA61281032456289AAED74B251D35286E2528F095626B5835F60401414058379
Malicious:	false
Reputation:	low
Preview:	5/"........._.g._.g.Br.........7....~predictor-origin,:http://www.tm.a.prd.aadg.akadns.net/.predictor::seen.1.....

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/7D0DF88A5F52C22C222EA72EA1AC18B62CF57B56 Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	17261
Entropy (8bit):	5.975308138050515
Encrypted:	false
SSDEEP:	384:yZf5RZ8Tf5Um5hOZHqkfvf5RZ8Tf5Um5hOZHqkfN:yZBRGTxUmbONRXBRGTxUmbONRV
MD5:	5A2FA83B716A79BAED97180F5866785B
SHA1:	912B08ECC2E3577FD34189ED40EE547252D06FC7
SHA-256:	0D85CC3960A69D5C4B8B9F659AC41F4155337A0F60DCBDB087A58E7CDC19EEE7
SHA-512:	03D51CFC6219FD9D16655BBD87CE4ADD23B5DE2129EA40E8CB6E91284B2EE0BF306B968F019F57D334F978618E79AC650F7CE75EE75398178ADDC7D1D61995C5
Malicious:	false
Reputation:	low
Preview:	{"cohort": "nov17-1", "interval": 86400, "settings": {"visibleDefaultEngines": ["amazondotcom", "bing", "ebay-ch", "google", "twitter", "wikipedia", "ddg"]}}...Z.........._.g._.g.Br.........]....:https://search.services.mozilla.com/1/firefox/59.0/release-cck-ubuntu/en-US/CH/canonical/1.0.necko:classified.1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAAB4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAbkMIIG4DCCBcigAwIBAgIQAt4CMcFuYGMCNcufow2/wTANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkxMjEwMDAwMDAwWhcNMjIwMjEwMTIwMDAwWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xFzAVBgNVBAsTDkNsb3VkIFNlcnZpY2VzMR8wHQYDVQQDDBYqLnNlcnZpY2VzLm1vemlsbGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJfZS3Xc++qIYqh70MSR

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/E293DE1609300BB1B8A8CA45B3A45EB3CB38903B Download File
Process:	/usr/lib/firefox/firefox
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	526842
Entropy (8bit):	7.992156599421215
Encrypted:	true
SSDEEP:	6144:fH96w9G/EB7uVRo9yYvJbu6nCs0F1hLi5q+jJYbBVLbPscKsJvUb4XPwmyPNJ+yt:l6+6VRZYxANhLeIDA2e4XPICtcv83kX
MD5:	0F78FFAFC59FDBC1623F2471A0F53604
SHA1:	0AFF5190BD5D8CA627F486C977CE4560AF07F09B
SHA-256:	ED6083A3989AFD629BC485610D998408A07C8D3432D6FC7D3F7D75D34D4FCB52
SHA-512:	29C9B0913248CF51086E04AD190F5D096357C2E5C13E807AC092585A0F1BC3D6F4EBEF41669E7B117C63B930B060519913681AD9D8CBE4F468645376B6999E19
Malicious:	false
Reputation:	low
Preview:	PK........ ..K.a.a...t.......gmpopenh264.infoUT......Y...Yux..............K.M.RH.-./H..023.rI-N..,(...Rp..P..)M..SH./R.......K-..0.3.3.r..,.RH.K.OI.-.LI.............PK......../..K..V2U....y......libgmpopenh264.soUT...)..Y)..Yux..............].\S... "bDT......b.UP......^"E...b..=.]c=..w..5....7..z.'....w..ss/L6.........{.....q._..-..K.[...R.-...rn.)..M...lI...-yO.......).#.....{zu..%...w...<..N...{..+.i._....>.9...O...H.g.K.Z....=..:................-..jy'....mu".5\...c..\)R.W....<.4..36.....2.2...9n.$.....WQ.2...X.Sm=.2....L:..yR;..2"ci...........{...3.4.+!3n.JU..9...rNj.-1V.x....c"..j...}....._-i.../7.ZK+.g\|.T,.c^5(.t...\e].^e..I..;gpr.X.2.L."...<...X.I..j.<L8.<{....t(...7RYH...+..D&\...~....Ld.IE..3.:.....rv.8....4.....Frf.Db...=.U...yf3..2cSN&..r...&..u9.....Y..%.U\.g6Z^..../w.......IEF9&..3.9.X.o.p....:S\......Is.l ....q...m..\....c../.!m7.M.\|l.....4....T&.ff&..L$z.q`....X.\5..".iV.3.rNdy.2...\|...s........w.*.!..Le....716"....

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/allow-flashallow-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/allow-flashallow-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.59524688231097
Encrypted:	false
SSDEEP:	3:VUystlMl3YLLLLLLLLLLLZ69kHrRbXq6Eeqy8A5ljGR9:ek3klm7eQA5Nq
MD5:	D886A47C89D9C49C795DA345BC236990
SHA1:	59E863E0D2B4E428D8C738D48FA0F6F7BAC36849
SHA-256:	A03C5E2656D2F292BF5794C8EEB8D223CD6BA4F4BFB2ED1F325460E879D0BCF7
SHA-512:	8B5A117BC33463F181458F0A99C14657B365CE2A7695DB346D2D086109176AD019DBD5A5F34F09DC3438E6C89CA93D83875DAA6D463EB06D995A2523FE51A5ED
Malicious:	false
Reputation:	low
Preview:	;.1..............................C.X....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......5...8........G...r.E...&Y...Z.;O.C.X....Y9.H...]..

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/base-track-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/base-track-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	64888
Entropy (8bit):	7.7710650452659005
Encrypted:	false
SSDEEP:	1536:J7tZqAZd4q6vSJlE9OWethUbEd5AX3hzQ/dIzU:JfqdvSJl+G9+3hCZ
MD5:	CD82F4495EAFE523B9B6B938C828611B
SHA1:	F81F7EDE77BAEB51D397DF96E337677E4957DB7B
SHA-256:	576A0D2C3AD8D66BB202439B18F9FD563F92D9DDD9582A3C4CCE0ECAFD4F0908
SHA-512:	2AE3B849C601B9614FA26C77FD63B9C022A5871E0A4322929DD3589F14F5AA4E4A368C41FC2BF732CD861B1DB9542D889172812C2CD2242006562FC24E78F7E7
Malicious:	false
Reputation:	low
Preview:	;.1..............................$(Z....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........0...6....#....O......Rg.m../.$(Z...z+...m....S..5..6..H.e..B...$(Z.Yo..V..}B1.1k.........oS...y%..$(Z.q#..QD.:..",=(.....l.......7.O..$(Z....q.......A-@..R.,.m.....4.$(Z......AS..F...b.. .V....o.Rs.3.$(Z...ua...`...-.#,..{....D..RI....$(Z..'.Y.....<~..H.(.).}...7...#w..$(Z.N...P......o.}4.<......'.@py....$(Z.U.......V.yb...n......E.>.....$(Z.Y..(.xZ..}...aFfuj.x.......@..$(Z.h}...W@hC..6.B\|xoU/VY.p.....4..$(Z...#...g.T..<BwH.t...4..#.jN:...$(Z..Z7.15.J@h...Q..x....k.?.{..B.$(Z..p..i...W.H..JQ.y\\|3vD.~.).f..$(Z...U....X..3.}..,.>..c."9o.<.$(Z...C.....8u..H.....a..j..Xb..n..$(Z..mR......D..qD#...w....f.O.?...$(Z.Sx..W......v.>7v...>..g.{......$(Z.S.~,(.F."o.d.L.-P..h...v...\..$(Z...5X.....=....z'c..^..R.{..<..$(Z..l...-...>..X.^..8..`...%.Y#...$(Z...s...R!C>.W.$.........

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flash-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flash-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	7648
Entropy (8bit):	7.734433994790214
Encrypted:	false
SSDEEP:	192:9R3/tArlx3czyJ7ALpZ8X7WIisGQchKjmD9ls6ZqOgC:Lvarn3czxLDuliuyD9lLZ7F
MD5:	0E8FE60CCD7E9B4C32589A5743A95302
SHA1:	190F3BC536C9489C707AE31DA32BF86947EA5D78
SHA-256:	2B124D4026850A3CFFD28DBACB58AEC28F7DCD4D40BC14E52BBE96D60CE4E749
SHA-512:	0AF17BD91464F26072F42BACFBB6BA72E68FA07B9D5801A92B14624CC51EBD00AB127272CECD8DF6FE650FE07BF170FD6422D70C2E8CD8F9AD94BC11548446BD
Malicious:	false
Reputation:	low
Preview:	;.1.............................f/Y....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........T..]..h...........t.V..@..'.f/Y.hy..../..s:....@R$.Q...w..V...f/Y..Y..1...c./!>O.3!..2...f L.x.6f/Y..&F.}......ez.N.R..j....3.;.if/Y....t.J....b.n...5aL...../...f/Y.dm....5.S.k...y+.....T.....Q>f/Y..-..nj.p..z....g...^T......f/Y...`.t9..(...@..'..u.8v%.d..^.f/Y...Z>Z_.b.[).B!/..U.W.y!.G.u..f/Y..@..WG...PAG.I=tsO.......`.N.f/Y.f?..G....;.c.`X....z....j...K\|f/Y.j....A-'v...].]-.....Q..L.4.Jf/Y.{a...!.-#...7.b..\h.4.~..=.ff/Y..{B.7...Bx.K..@.v...76."..hf/Y..;..Q.......!.<...Bd9I.....Mf/Y.B..mFYTJ..5..yj".T.........f/Y. ..'.',1...D......".L/......e.Yf/Y.!W..C..W$........8h.A..Nr;}mf/Y.[..6n.ZkJ.....2........xn..f/Y..,..8n..-E.....s.\|.N..2..Z..f/Y....C.EI....21w.l...Q.p ....f..f/Y.K....J..+.C:...v1...jo.7......f/Y.C."..c.].,@.....u.}.....~

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flashsubdoc-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	82744
Entropy (8bit):	7.772258239877141
Encrypted:	false
SSDEEP:	1536:RXoNNS+GqTr4HlEGVibr7rF5HlwU67HJxPU659kHvfrk++:RYfSAr4FRibr7rhojLPb5sU
MD5:	04824A1F92353F43EBB9E7F74B7476FD
SHA1:	C2636E8FFA8A5256D7D1F21E147101356E783114
SHA-256:	B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
SHA-512:	92914B56FB2BDCDDCC1BEE2BF4DC98420CF0B923D380BB889C8A6EBC333D74EA4DDCA915218BEA0E729782C4904983424F1DE15BE7087C5A5338AED7319A03E5
Malicious:	false
Reputation:	low
Preview:	;.1.............................a.!Z....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........0...6....#....O......Rg.m../a.!Z....Nt.HO5..... ..UM..7<....a.!Z...R..Cl.&/ZM....L...n..9.k.7<.a.!Z...z+...m....S..5..6..H.e..B..a.!Z.Yo..V..}B1.1k.........oS...y%.a.!Z.a{.{..>...M.3....[.THR..>...a.!Z.b.K#.... ..!D.n...}...#k..N..a.!Z.q#..QD.:..",=(.....l.......7.O.a.!Z....q.......A-@..R.,.m.....4a.!Z...Z....]..v..M.&.t...C.D.PA.h..a.!Z......AS..F...b.. .V....o.Rs.3a.!Z...ua...`...-.#,..{....D..RI...a.!Z..'.Y.....<~..H.(.).}...7...#w.a.!Z.N...P......o.}4.<......'.@py...a.!Z.U.......V.yb...n......E.>....a.!Z.V..<.>>....r..In+....v. :L.~..a.!Z.Y..(.xZ..}...aFfuj.x.......@.a.!Z.h}...W@hC..6.B\|xoU/VY.p.....4.a.!Z...#...g.T..<BwH.t...4..#.jN:..a.!Z..Z7.15.J@h...Q..x....k.?.{..Ba.!Z..p..i...W.H..JQ.y\\|3vD.~.).f..a.!Z..)Z.ns.@......O..F...c.9[x.pa.!Z...U....X..3.}..,.>..c."

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flash-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flash-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	268
Entropy (8bit):	4.291717925117119
Encrypted:	false
SSDEEP:	3:VUystlnlftwLLLLLLLLLLLg2qaXlY0WsLhxrbxq4Y0g42Vv:eziqaXlYfaNbg42Vv
MD5:	C921D8E98FA01B4F303481E112202E92
SHA1:	9D23B452AD0D06C355477CF70E3AA5D0ADFE6278
SHA-256:	4EF1038730EC8BC7206713C29A936768831B922C5E6C83355FD62D7401D8C1DC
SHA-512:	D06422752562AFD1F8B94FF09FC9460BE58E07A84FC537FB6B56B1551C37DB7E56CB7932CC2D27D2FFE2CBAB6EC85BDDA6778F2E812E69E5193FCD6BC77066F2
Malicious:	false
Reputation:	low
Preview:	;.1.............................Q..Y....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......C..8.r..M.'j....-...~.B........Q..Y_.P..........X+.s.........cWn..Q..Y........g.,.}t.!

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashallow-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashallow-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.6124882616213143
Encrypted:	false
SSDEEP:	3:VUystlMl3YLLLLLLLLLLLpRy5Ae28XzWvhSSz17Sn:ekeU5AezzWvhSSZ7S
MD5:	6F85BC4B2ECB49E26B0BD83A821065D0
SHA1:	4DF430B4D63605E41855DBCB3837A189D4CC7604
SHA-256:	C0B3BC9B3DC507AB654CAF72D13C3AEFA58C9B13B1E4D14DD8816712D80A7E54
SHA-512:	AE7688D501A1F59D4C247ED57BA0547F6376748AF57F554BA1B6DE0EF358ED5868721886BAF94813979B3A9968EC330CE11C41767E4AF42DB413EFC9556C2E22
Malicious:	false
Reputation:	low
Preview:	;.1..............................C.X....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......U...f.....aJ.-.....b..rE..{....C.X...U.K..yP.SQS.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashsubdoc-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	4.70325744277424
Encrypted:	false
SSDEEP:	3:VUystlCwLLLLLLLLLLLPaueiydb1Vf/cMLkBR53B2mZ6C6duKZ/PfuSv+/rI4:e9MHk5xaCQuWGjI4
MD5:	BA0009932844173BC8F9AF264229DF24
SHA1:	C8F6956FA86F4E9CF71599B735E28860245AE4B5
SHA-256:	66D1C00C04D86E313E9A02775CDF906B1BE8D4CD6BEF423A1B9E21CC4E9F50C1
SHA-512:	582D7F28F41E6A7A5F882D15EC1F48D0BE57DC63E1A0D6E6A8BBD442A3AC27E38E0C3FDB3E1C30F416C41649391AFDE61F8079844B61A4995E0AB34D6CC8E745
Malicious:	false
Reputation:	low
Preview:	;.1...............................yZ....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......#...).=..HZE.E.........9N..u3.....yZ..?\.I.u...Mk..<.......Ly......yZ.J...t...{.6w..y.m......Xj..yZ.w....m .U-.mCL.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozplugin-block-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozplugin-block-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	3580
Entropy (8bit):	7.671891447828382
Encrypted:	false
SSDEEP:	96:kvmXn/rUKZuGD5fR3TNQCTBl0VyCt9wrEZRg5n:kunoKpD553BQ3t9OEzun
MD5:	D6ACF2573E12AFDD7939568804D3FCC1
SHA1:	5C54AD3FF47C6B925E7AC17D361FE0FA60B9181E
SHA-256:	5525CBF8F8DC41D19AC632ED324E55293A510AE0EEBA16D0E3F33C707AA58A0C
SHA-512:	1F72C01AA332A6E3FC5F966ED2B12534653BCACF2DC242850877961CC4C16AC3BD1846939D56EA6E230A71F336F4B37F67E0070DDDB66D57BB51526DE52819CA
Malicious:	false
Reputation:	low
Preview:	;.1.....................^..........W....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.............p.....a.....J.B..gZ.........W....+.O..!l$...K...aP....C.5......W..;..t7p.'..qR..,....x..lP..Z...W.1.[.8..^...x.T)..}.Uj2.t..._.B...W.......1.f\|....;.m..i...........W.Q....";...'N..o>....UD..........W.Um..Uz"K...H`."e..\|...'...L...v...W.B...`..r{@...J.^....@r...B....W.}..A.......@..A.G.q...@.5.....W Iod}..zVD../xY..p..h.Z.`i&......W$HWYI.;.~..m.~..5....`.$.J.....W)w.\...t.'[!....#...G~]..CS>.@{...W$.u..%.H4....p\\|..v..)...........W4.8....g.iQE...t.....z.X....N.....W5Feb).<@3Z._..f...e.y.....u.....W6;.')..K.0.b9G.2.n........eP.d.....W6]Y1_A]xZM.L./ozM1S^.a.s....P.H...W77......Oc......g.R....d9F.9.sY...W8.....[.-..............@.?.......W9.R,.j<.G..{.<.,.8..hW.V"../....W<...#5../......@ij...8%0.gX..6...W?.......V..Z\.)..P...w.f...-...W@....c.m.I...G.q.H.R.E.. .

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	326032
Entropy (8bit):	7.773045611620996
Encrypted:	false
SSDEEP:	6144:/Ef7scHg5r+Ee+tPubosCYQLZ8M3tYKtW2uyVdnKKwbxcNukj5v:Mf5m+E3MQ3LZzy6W2ugdnUm0kj5v
MD5:	BDAA2A3B4259EBF8DD87E5769B1BF3F4
SHA1:	BDECB51FED41F111CFB19C30E377AA165C0DD7E3
SHA-256:	8408968DAE85E51EA6B0CA7123B0DDFD7425D3013BA311BB1CBE135FFF0E5BDA
SHA-512:	ACDA5C6344CC51E0921C116CB03395F8027F0E1077D5027CA4B6B33E2C1AB663C319EEAB22D7ECF968702324BEDC882F518BDE7711CB140A059D7997580054CF
Malicious:	false
Reputation:	low
Preview:	;.1.....................[#.........Z....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.............TV8.1..h@)..N.5.J..._.:BcT...Z..a...'&.k.$..#.Y... -..W..(...Z.".`....T..../[..A3..FI.rN<%N."...Z.#<.k.+^5Q..k..jMY>.tj+.e....J...Z.,.3b.E9ZC.j..N..l&3.XS.~b...B...Z.-.s.vf^..9)#x<{.Y...<....z......Z.?Yj...br4...........J.Z!........Z.M...+.UJ.)..r..{.t.....f..B...Z.R2."..'..k..9/z..`7d..#BmeN.j...Z.T.........}i.<............y...Z.U.6..."P'/.....J.....>j.E....O...Z.b.&.-1.....7..[.UOS.W....=..R...Z.m.#..,..D.&._^.jy.i...p.....hO...Z.p...RrKJR.U..c"bG7.y.5..YU........Z....a.):.;rk...U..P.....^..?.KV....Z....'..>.$.B...3}...T.....E+.......Z..H.K(.!.A.....(.....H...D....Z...&q......Y.m4.D.'..S~..w.........Z..(......7......h.5..P........4...Z..=#.u@.9.-21.*.x....Gs....^.Ep...Z..L..m.'..%.;..[.......z.DVn:...Z.....8?.....h....q....!.j........Z..oj.........X...}...F...

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367009024331335
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLVtFKAuB079M3Xs/phm:eksMFKy9M3XIQ
MD5:	E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:	C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:	7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........`E.eK.zQ.....H..`T1l..............`.j..G1I...r..

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367009024331335
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLVtFKAuB079M3Xs/phm:eksMFKy9M3XIQ
MD5:	E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:	C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:	7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........`E.eK.zQ.....H..`T1l..............`.j..G1I...r..

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3293711760593867
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLaJPKcZrl3LcC5rY+HVl7sAVZwn:eksbQa3Lz5JPgAVen
MD5:	051FB32DECE757BA112AC36DC72E3A91
SHA1:	A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:	ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........1.....}/9<...?.nyg....N}........<<.@....{..]{:p

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3293711760593867
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLaJPKcZrl3LcC5rY+HVl7sAVZwn:eksbQa3Lz5JPgAVen
MD5:	051FB32DECE757BA112AC36DC72E3A91
SHA1:	A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:	ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........1.....}/9<...?.nyg....N}........<<.@....{..]{:p

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3683561037768297
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLJnawdSW+vmhnki/0Bn:eksSajWQji0
MD5:	3675254E341DF799D4307C1F59109185
SHA1:	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:	9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........B.WG..a..E.+`D8.....a. ...D...q......w...X.Z.Z...~.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3683561037768297
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLJnawdSW+vmhnki/0Bn:eksSajWQji0
MD5:	3675254E341DF799D4307C1F59109185
SHA1:	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:	9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........B.WG..a..E.+`D8.....a. ...D...q......w...X.Z.Z...~.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.302539208701039
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLOW4xUO0f0iI8hE1R73sBKD:eks3pf+8RABy
MD5:	3D1CE5E50208F0CB3B979186043A548F
SHA1:	10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:	AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........Y.......j..}`A=F......c..5.......T...8\|..d.\|..{

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.302539208701039
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLOW4xUO0f0iI8hE1R73sBKD:eks3pf+8RABy
MD5:	3D1CE5E50208F0CB3B979186043A548F
SHA1:	10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:	AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........Y.......j..}`A=F......c..5.......T...8\|..d.\|..{

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	272
Entropy (8bit):	3.9834161156862735
Encrypted:	false
SSDEEP:	3:VUylllvl2lll1lCLLLLLLLLLLLQ0ZIn39lAN6r3Zzk9uYs/wPMuiC:rUiU3gNAigr/wMC
MD5:	95F28EDE25C301301F25FBBD9A3C56EC
SHA1:	80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:	C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:	false
Reputation:	low
Preview:	;.1.........................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......Ik...Xf2.h.J.^..P>.A.:..I%8]........=(K_..W..{...L.w...:7.&.PH..26....U.]..)..{6....(.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	272
Entropy (8bit):	3.9834161156862735
Encrypted:	false
SSDEEP:	3:VUylllvl2lll1lCLLLLLLLLLLLQ0ZIn39lAN6r3Zzk9uYs/wPMuiC:rUiU3gNAigr/wMC
MD5:	95F28EDE25C301301F25FBBD9A3C56EC
SHA1:	80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:	C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:	false
Reputation:	low
Preview:	;.1.........................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......Ik...Xf2.h.J.^..P>.A.:..I%8]........=(K_..W..{...L.w...:7.&.PH..26....U.]..)..{6....(.

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.4079994338327437
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLYdIVDdSxcEtY4NL/n:eksdWdSxc3wn
MD5:	65E942614EEE70680464AC4BE75019FC
SHA1:	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:	55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........=Q.IU`.G...>...u..X...7...k6.b....k:u.z*N._)8.EhnZ

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.4079994338327437
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLYdIVDdSxcEtY4NL/n:eksdWdSxc3wn
MD5:	65E942614EEE70680464AC4BE75019FC
SHA1:	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:	55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........=Q.IU`.G...>...u..X...7...k6.b....k:u.z*N._)8.EhnZ

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-unwanted-simple-1.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367107760120435
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLge3nZsRusljWFgm:eks5EsRRQB
MD5:	A5695CC64D77967232B0C1344C6E72B3
SHA1:	B0F151A5292D4B796668B242BF896FDBB5A24B67
SHA-256:	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
SHA-512:	C09F56E91B41D01375C458A6CCC3FC0CEDC18696AEC5D7A2520C51905F4D9BC660F3AD28E69D64B3814AEB3279AFC686794C986F0FA6212463F3AAC850D40019
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......^......R..U:N......LgY.u.l..H.Z....N?^c.d...].1. b

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-unwanted-simple.pset Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-unwanted-simple.sbstore Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367107760120435
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLge3nZsRusljWFgm:eks5EsRRQB
MD5:	A5695CC64D77967232B0C1344C6E72B3
SHA1:	B0F151A5292D4B796668B242BF896FDBB5A24B67
SHA-256:	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
SHA-512:	C09F56E91B41D01375C458A6CCC3FC0CEDC18696AEC5D7A2520C51905F4D9BC660F3AD28E69D64B3814AEB3279AFC686794C986F0FA6212463F3AAC850D40019
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......^......R..U:N......LgY.u.l..H.Z....N?^c.d...].1. b

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/scriptCache-child-new.bin Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	1232135
Entropy (8bit):	4.567485523263895
Encrypted:	false
SSDEEP:	12288:LdCsKnaOx1uNfs6j82bjUFNSz5iOSazRl2:Xg6j82bjUFNSzw
MD5:	E8EFA50FE4613F7D8D927C30E54201B3
SHA1:	52411C56272223F87E7DC1492F7550118FDE93BC
SHA-256:	73E394ECBF76C16D9312AC4A218305B63D190BA86B7DD4A18875EA3F61134EAF
SHA-512:	1EB8AE4B0CD0DE34CE07D4AAF56F2272E562E7D8E807D2CB430FEA6F44C69F8C6F2181D5685602CF8D1575AB018E5D8DF5DD6A5E1D685BD2334DF11D448D5434
Malicious:	false
Reputation:	low
Preview:	mozXDRcachev001......chrome://global/content/process-content.js.chrome://global/content/process-content.js.........,.resource://gre/modules/RemotePageManager.jsmA.jsloader/non-syntactic/resource/gre/modules/RemotePageManager.jsm.....u...'.resource:///modules/ContentObservers.js'.resource:///modules/ContentObservers.js........K.jar:file:///usr/lib/firefox/omni.ja!/components/extension-process-script.jsJ.jsloader/non-syntactic/resource/gre/components/extension-process-script.jsf....s...).resource://gre/modules/MessageChannel.jsm>.jsloader/non-syntactic/resource/gre/modules/MessageChannel.jsm."...~...).resource://gre/modules/ExtensionUtils.jsm>.jsloader/non-syntactic/resource/gre/modules/ExtensionUtils.jsm.....r.....chrome://satchel/content/formSubmitListener.js..chrome://satchel/content/formSubmitListener.jsl...W-.../.resource://gre/modules/PrivateBrowsingUtils.jsmD.jsloader/non-syntactic/resource/gre/modules/PrivateBrowsingUtils.jsm.A..n....".resource://gre/modules/Console.jsm7.jsloa

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/scriptCache-new.bin Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	4424341
Entropy (8bit):	5.080229209584551
Encrypted:	false
SSDEEP:	24576:KVYpa1mm1ENT/dUJgVd06tPx9s6dnJW00Zps/7ByPaEINi3/8dW:KVYpa1mCE1kgVd0oxmNZscP3
MD5:	3D1B0FF0A9C4E03E6F00206BAE073127
SHA1:	85CFE41F58F73CDC2A65292C7FEB62AE53B0612A
SHA-256:	ED0B5C79607DB1D8C9741C3F046843F9854E065401A928722E1BC1DDBD634C0E
SHA-512:	B4C723188750B0E1084652E337A16F482D2CA368A7411A989B440F9F18AE2C06A30A687C9986172ADB17A3A4E67718EB74E3BECEF5293C3DCAE46696464128E1
Malicious:	false
Reputation:	low
Preview:	mozXDRcachev001..M..G.jar:file:///usr/lib/firefox/omni.ja!/components/MainProcessSingleton.jsF.jsloader/non-syntactic/resource/gre/components/MainProcessSingleton.js.........#.resource://gre/modules/Services.jsm8.jsloader/non-syntactic/resource/gre/modules/Services.jsm.....#...'.resource://gre/modules/AppConstants.jsm<.jsloader/non-syntactic/resource/gre/modules/AppConstants.jsm.5..g....%.resource://gre/modules/XPCOMUtils.jsm:.jsloader/non-syntactic/resource/gre/modules/XPCOMUtils.jsm.J..lV...A.jar:file:///usr/lib/firefox/omni.ja!/components/PushComponents.js@.jsloader/non-syntactic/resource/gre/components/PushComponents.jsW..."m...N.jar:file:///usr/lib/firefox/browser/omni.ja!/components/WebContentConverter.jsE.jsloader/non-syntactic/resource/app/components/WebContentConverter.jsy........H.jar:file:///usr/lib/firefox/browser/omni.ja!/components/nsBrowserGlue.js?.jsloader/non-syntactic/resource/app/components/nsBrowserGlue.js/....(...K.jar:file:///usr/lib/firefox/browser/omni.ja!/compo

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/startupCache.8.little Download File
Process:	/usr/lib/firefox/firefox
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	81718
Entropy (8bit):	7.191689621141118
Encrypted:	false
SSDEEP:	1536:2VnXsoulCkzH1T11SG2tWngxkZW776TSPD5ScDh:CncoZkzH1TeGVgxkZW7OTuS8h
MD5:	BF8BB687EFF5AA44E140DD9F2C33DCE0
SHA1:	5932C476994C0DB72B3616FEC6757A6DB7B04CDF
SHA-256:	A77E91EF1568E9CE573EF13E26F61B67D8D9FA9043894544B8DF3CD909523BD8
SHA-512:	8855CD4C97F80BE46217ECD8E32C208A4BEF3EAED5A257304E64B5F1753654B84A8A59221AE62E23971E7FC58B63E8F84392EBD770D4FB7F2820FA5988DA3061
Malicious:	false
Reputation:	low
Preview:	PK........gK.Q............<...jsloader/non-syntactic/resource/gre/modules/ResetProfile.jsmUT....g._.V.o.U....X...bHS....X...b...k..J;mm.B..............v..4 >..lH4>...b.F....F....S...ws.=...q...m.4.`O...C...<r..=.<O....hbl.. ..`.B...C.6.U..<7.E.N.r...3...8.?.....\|.....).....b....y....F.&..N.$.B...ZO3.#...R..,..T6...o..m...C.aTAJ.".....=L.A...,n........q..T}JS;.....~.@..j,..mS..U.Z.5l.;.v.r7j...4..7v..J....._............#.'....O....~....C.v.......dahz.............tKe.a...uE..<...r\|..E.._.o....../Y$....{B.'..`..D{..l....x.I..+.YO.#E.?..a...'.[f....x..-...L...../.$...'.K..\....#.$...._.}.T..`>z..>M{.G4.I.I.......\4]..R.t..wj..pw$0.....a...H.......y.i.U.h..1E...<.B..~}.....(YhM.p.d...E..6..F..D..j.y2..\|.w...`L..,.D\e.....+.d..k.j.d/0....B.%.F .z(...S.>UC.IN..w...X..,.....Dj.....Lq..[^..~....;....a..P...&.TV....v..&~.w.....}..qtU.J......{RW..Dnt...E.............e......w.K.,7}..2G.r9.H..W/...,.9.dB.lV.......{.nr.$.,...i+C4....2..*..8.:.b...

/home/user/.cache/mozilla/firefox/v9nzj3nw.default/startupCache/urlCache-new.bin Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	3075
Entropy (8bit):	4.68289272797251
Encrypted:	false
SSDEEP:	48:wrIyQXUPIbRtfenAzJr4WVV9TmGJ0W+Hh4BC7sBnvzAyO:ZyQXUoPXzJr4WVV4GJ0PHh4BC7sBnUyO
MD5:	6FA3F435A1C2A2A695526B4BD24A9D9C
SHA1:	59D0622EA27A4C614571C9B35BF60F513B2EDDA5
SHA-256:	C377ED1E0402CA29C42F0654E505B345029F789D467B6413801A48026F36E42E
SHA-512:	6F06CD1A80C23CDA30314B1174F26BFFC42EA3412AE940391DB82A7EF467F92BCDE59E89A82FEEB080097D7EB90C470F029039955B87316A42E03C23536F460A
Malicious:	false
Reputation:	low
Preview:	mozURLcachev002......-.chrome/en-US/locale/branding/brand.properties.5./home/user/.mozilla/firefox/v9nzj3nw.default/prefs.js.4./home/user/.mozilla/firefox/v9nzj3nw.default/user.js.B./home/user/.mozilla/firefox/v9nzj3nw.default/addonStartup.json.lz4.5.chrome/toolkit/pluginproblem/pluginProblemBinding.css.3.chrome/en-US/locale/en-US/global/plugins.properties.$.chrome/toolkit/res/counterstyles.css...chrome/toolkit/res/html.css./.chrome/en-US/locale/en-US/global/css.properties.-.chrome/toolkit/content/global/minimal-xul.css...chrome/toolkit/res/quirk.css...res/svg.css.%.chrome/toolkit/content/global/xul.css.1.chrome/toolkit/skin/classic/global/scrollbars.css.%.chrome/toolkit/res/number-control.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/noscript.css...chrome/toolkit/res/ua.css.../usr/lib/firefox/distribution/distribution.ini...greprefs.js...defaults/pref/services-sync.js...defaults/pref/marionette.js.,./usr/lib/firefox/defaults/pref/vendor-gre.js././usr/lib/firefox/defaults/pre

/home/user/.mozilla/firefox/v9nzj3nw.default/cookies.sqlite-shm Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	4AE71336E44BF9BF79D2752E234818A5
SHA1:	E129F27C5103BC5CC44BCDF0A15E160D445066FF
SHA-256:	374708FFF7719DD5979EC875D56CD2286F6D3CF7EC317A3B25632AAB28EC37BB
SHA-512:	0B6CBAC838DFE7F47EA1BD0DF00EC282FDF45510C92161072CCFB84035390C4DA743D9C3B954EAA1B0F86FC9861B23CC6C8667AB232C11C686432EBB5C8C3F27
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.mozilla/firefox/v9nzj3nw.default/crashes/store.json.mozlz4.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	66
Entropy (8bit):	4.837595020998689
Encrypted:	false
SSDEEP:	3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:	A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:	CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:	078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:	D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:	false
Reputation:	low
Preview:	mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

/home/user/.mozilla/firefox/v9nzj3nw.default/datareporting/aborted-session-ping.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	20807
Entropy (8bit):	5.225667574308615
Encrypted:	false
SSDEEP:	384:muW0FZQnALe1qGr+QPjmvFFGnKb0w85jW:3qALe1lr+QPjm/T
MD5:	4D4D3F1F3FA952496F7B3CBB9203CF01
SHA1:	E8FBB66DB8884DE798B121E4286971EC3A81541F
SHA-256:	A6222EF0B1F86AF8C1A012EFB7B8CC75FB242B4FF7A9B6E405791289576544E0
SHA-512:	8219DFEFA1BFAB8ACF8E51A83F434A0B61E3EA90A6B5276BB11AC27898BD35E21FF8F27BFEDB24ACF96611E4F7A126B7C54C069ADDD6E2657906601355744F54
Malicious:	false
Reputation:	low
Preview:	{"type":"main","id":"c521ed74-31d9-454c-91de-7f67c005b0be","creationDate":"2020-12-18T08:26:53.942Z","version":4,"application":{"architecture":"x86-64","buildId":"20180313132747","name":"Firefox","version":"59.0","displayVersion":"59.0","vendor":"Mozilla","platformVersion":"59.0","xpcomAbi":"x86_64-gcc3","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":61,"uptime":1,"start":7,"main":153,"selectProfile":302,"afterProfileLocked":306,"startupCrashDetectionBegin":725,"startupCrashDetectionEnd":33526,"firstPaint":3768,"sessionRestoreInit":1190,"sessionRestored":2600,"createTopLevelWindow":1226,"firstLoadURI":3244,"AMI_startup_begin":762,"XPI_startup_begin":784,"XPI_bootstrap_addons_begin":794,"XPI_bootstrap_addons_end":842,"XPI_startup_end":842,"AMI_startup_end":856,"XPI_finalUIStartup":1190,"sessionRestoreInitialized":1216,"delayedStartupStarted":1996,"delayedStartupFinished":2114,"startupInterrupted":0,"js":{},"maximalNumberOfConcurrentThreads":43,"debuggerAttache

/home/user/.mozilla/firefox/v9nzj3nw.default/datareporting/session-state.json.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	161
Entropy (8bit):	4.820397983357605
Encrypted:	false
SSDEEP:	3:YWAqKsWdiRIzImK63xMf/3R2PsPBBSQDxxZKQJA2aqnLJrja/H5C:YWAqfWd3xl3Kf/3R2Ps5BjlbKQOanLFF
MD5:	FA8EA7A52DB0EC4775EB1F72B296B29B
SHA1:	68E0ED4F5455B9A5114C62E1DA3EE852310F7B6E
SHA-256:	14350FB30A308B0FA3D304D6AA2CD1132B4188D2B42ED1413666680EF69D77F3
SHA-512:	32547343A6B6BB6EE4713975AF15829F1237FE723DE0F6811F0203D52B5E35D3366744F551883DCA612087D956CBC2CD8B984FF24516BE3850227916CF344BBD
Malicious:	false
Reputation:	low
Preview:	{"sessionId":"160d1af7-8f14-4929-9e03-7355e56a1fd5","subsessionId":"b388e24e-aee0-4b4f-9ddf-70a5fe19e03a","profileSubsessionCounter":3,"newProfilePingSent":true}

/home/user/.mozilla/firefox/v9nzj3nw.default/favicons.sqlite-shm Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	7DEA362B3FAC8E00956A4952A3D4F474
SHA1:	05FE405753166F125559E7C9AC558654F107C7E9
SHA-256:	AF5570F5A1810B7AF78CAF4BC70A660F0DF51E42BAF91D4DE5B2328DE0E83DFC
SHA-512:	1B7409CCF0D5A34D3A77EAABFA9FE27427655BE9297127EE9522AA1BF4046D4F945983678169CB1A7348EDCAC47EF0D9E2C924130E5BCC5F0D94937852C42F1B
Malicious:	false
Reputation:	low
Preview:	........

/home/user/.mozilla/firefox/v9nzj3nw.default/gmp-gmpopenh264/1.7.1/gmpopenh264.info.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.968220104601006
Encrypted:	false
SSDEEP:	3:C3OuN9RAM7VDXcEzq+rEZv8s3vTMBv+FdBAIABv+FEn:0BDUmsv8s3vAWeWEn
MD5:	18DCAB996BC5FDE1B1699C4B5C115E29
SHA1:	5B6969A59C802024DC13FBFAED301B4E617C1520
SHA-256:	4E350386F5EEB397E2F0B663103EDD5321B4144F78A6DF15150888386E2256DA
SHA-512:	DBAEE7C16E3E54DA2B4EDCE03D23BC4A6B7CE95AE46160C2963D8631078C870F364133E6FD2EA2A632574CEEB0CBA92726C9C28033775C53B8C9A8C2ECF52830
Malicious:	false
Reputation:	low
Preview:	Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.7.1.APIs: encode-video[h264], decode-video[h264].

/home/user/.mozilla/firefox/v9nzj3nw.default/gmp-gmpopenh264/1.7.1/libgmpopenh264.so.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a6f7711a0f3110c0daf8b925630d2ba49053bb97, not stripped
Category:	dropped
Size (bytes):	1407459
Entropy (8bit):	6.423199953068698
Encrypted:	false
SSDEEP:	24576:V5gD1YiQNu0/qV1QmN3Ze3gdVimD8wRAZG5++bYPBeQoPyjJd:VKYiKu0/IQcFbYPBe3PyjJd
MD5:	8AD0417E69B0421D6B8110D082FDA153
SHA1:	C1F346D3B3D1CC0CAAB32AA435C45E6790352276
SHA-256:	513277B94FD0B36C63E3ED0D29519D68C3AAA7358F191363AAD1E408CCCFD05D
SHA-512:	49CD61893EA41A8D76A8D68400E21E5D82B93631D4A192520BD91C26D124AE96A6E667938E8FC5002FDF268BE88E8CB9EB35AE6F4BA1B362F982969090F41E09
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.....0.......@.......@...........@.8...@......................................Q.......Q........ ..............Q.......Q2......Q2.....DQ......0S........ .............`s......`s2.....`s2.............................................................$.......$...............P.td....`3......`3......`3.......,.......,..............Q.td................................................................GNU...q..1.....%c.+..S..........H............-.:......R..D...A.....#...... ..`u........a..J.A..@"@....@....H$.B.!..1.A.$.......P.-..@.C..I(4`.@.E0.p.B @..z..B..P..$b..4.H......H..$.:.0.... ...R......`...$..,.0.(2x.`..@.........d.....B..M..0..#.B....$....0..........@... .H$...... (].`A....@...B..@,.A...."..F.."..IR!..........1.C............H.....P@ ..$......&. .....B.....r...`...`H..2.....@ .@........ 0..6`.@U...@. &.).D...@.".. .n......!.........P.A..0F.......F! .....(....!....$P...B.......b............@.......R&.... ..1....D....AW............L(.................B...(.....

/home/user/.mozilla/firefox/v9nzj3nw.default/places.sqlite-shm Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	7DEA362B3FAC8E00956A4952A3D4F474
SHA1:	05FE405753166F125559E7C9AC558654F107C7E9
SHA-256:	AF5570F5A1810B7AF78CAF4BC70A660F0DF51E42BAF91D4DE5B2328DE0E83DFC
SHA-512:	1B7409CCF0D5A34D3A77EAABFA9FE27427655BE9297127EE9522AA1BF4046D4F945983678169CB1A7348EDCAC47EF0D9E2C924130E5BCC5F0D94937852C42F1B
Malicious:	false
Reputation:	low
Preview:	........

/home/user/.mozilla/firefox/v9nzj3nw.default/places.sqlite-wal Download File
Process:	/usr/lib/firefox/firefox
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	426328
Entropy (8bit):	0.13591432508462928
Encrypted:	false
SSDEEP:	96:QQOALHcrHVb+PXC2KPW4Er9EqBLFff8VeTDhp:QQOAL8rHV92ILuHBLFMVeTDhp
MD5:	0FF0C5E1140CD1A23D42E8E796AB450C
SHA1:	D73F1A637EDAD0559B74415FA9022156A775FB55
SHA-256:	699D4324FC06888181B7794239687DED136364031668A2A32780461324F417C5
SHA-512:	37C547FCE5063EA030CE5E3CD5A3E38CC547D4CEAD17BF71BA141534A643D48C90C1DFE4CCF74B52DB80251C0C58FF19144C95C5C1A0B04BC4761AC696444A89
Malicious:	false
Reputation:	low
Preview:	7....-..............T.o.....m..............T.o...?.+.e.z...x..\|....=~.~.~N}.}.{.x.{.}X{Kz;z.\|^........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/user/.mozilla/firefox/v9nzj3nw.default/prefs-1.js Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	64748
Entropy (8bit):	5.118474570376734
Encrypted:	false
SSDEEP:	384:pFC2Mpz2A+iVj2Mpz2A+iVU2Mpz2A+iVUiMpz2A+iVUBMpz2A+iTUBMpz2A+iTUS:pE4ix4iW4iWMiWViAViAgi/gi/TBw
MD5:	BF6E6CBA3F77DA87D843F6DC80440544
SHA1:	EA87FBC071F7A035EC323C25CB1B0AD1DDF5E2DD
SHA-256:	0FCB7060CCC2627B84137DC865B3E8F2D6E3EA6175F2BC6E11EF2EF8182A1970
SHA-512:	A8E4BEC38A221B048535FBB0CA9577C13EC2C5720D20E6CF039F5E88EF27691AD630F0ACF82FE46A67329C24C5BCB6BEF8153373A6FEFADDF7DBDA8256A066CA
Malicious:	false
Reputation:	low
Preview:	# Mozilla User Preferences../* Do not edit this file.. . If you make changes to this file while the application is running,. * the changes will be overwritten when the application exits.. . To make a manual change to preferences, you can visit the URL about:config. */..user_pref("app.shield.optoutstudies.enabled", false);.user_pref("app.update.lastUpdateTime.addon-background-update-timer", 0);.user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0);.user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1525682093);.user_pref("app.update.lastUpdateTime.experiments-update-timer", 0);.user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 0);.user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1525682130);.user_pref("app.update.lastUpdateTime.xpi-signature-verification", 0);.user_pref("app.update.url", "");.user_pref("browser.bookmarks.restore_default_bookmarks", false);.user_pref("browser.cache.disk.capacity", 358400);.user_pref

/home/user/.mozilla/firefox/v9nzj3nw.default/search.json.mozlz4.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	11085
Entropy (8bit):	6.669320878985837
Encrypted:	false
SSDEEP:	192:H6RgF5MZkcuem3naN7smA0Wme6pUMZ+LHXRDqRvhf09:aAEuqampWXYpyhDuhM9
MD5:	64490B8FFDAA4762770E79BFA83CA2C7
SHA1:	98B78B4D220BEF126061D40CC4792E88148598D8
SHA-256:	8D3C55AC4BE88AFCBA0B20E12278E4ED11EC4BC28BC5428CD8838FEF9758F41B
SHA-512:	FDD12E449233A3A34766FB6BE0A269AC9DD3A60D2F37D12BFEE2208F81931AE318A353FF3A30669262A51F209A5346B9E89A86881A84B2894BE8A3700970EE2B
Malicious:	false
Reputation:	low
Preview:	mozLz40.]P....{"version":1,"buildID":"20180313132747","appV..t"59.0","locale":"en-US","visibleDefaultEngines":["amazondotcom","bing","ebay-ch","google","twitter","wikipedia","ddg"],"metaData":{k...j..,h..,f..,d..,b..,`.0,dd...Q...-Hash":"1vAuGhBxMZHaDKKvDQf2sRBOp64H1ZmZbt0MZctw/KU=","search....xpir":1608366357026},"e..`{"_namG..G..r_shortN......","_loadPat....[distribution]/r..plugins/.../.../?.@.xmlI.`escrip5..p.! S...a.._H...Form":null,"_iconURL":"data:image/x-....;base64,AAABAAIAEBAAAAEAIABo..pJgAAACA..`BACAAq..rI4EAAAo.. ..... .............P///zD9/f2W/f392P39/fn9/f35...1/39/ZT+/v4uT..`/v7+Cf0./n/....0.lX///8I`..P.!cHO...+v35/7TZp/92ul3/WKs6/1iqOv9yuFn/rNWd//j79v/.."f3...wC............7PXp/3G3WP9TqDT/U6g0/1OoN...+Or1j//vDoY../0. VA...@....@+vz5P."V/P...WKo6/6LQkf/U6cz/1urO/6rUm/+Zo0r/8IZB//adZ>. v7...///7+/i7`..Y....4nWzf9Lqkj/Vqo4/9Xqz.......ebY//SHRv/0hUL//NjD#..P..U...<...8sxPH/Ebzt/43Rs........4roL/9IVC//i1jf-.. .!fr...Cr37/wW8+/+16/......@.3SFQ.....03pn.........6..../wu++/8Fv

/home/user/.mozilla/firefox/v9nzj3nw.default/sessionCheckpoints.json.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.223691028533093
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+ABaQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+kOy6Lb1BA+m2L69Yr
MD5:	C0E4C22C50DD21142F57714EF49B8713
SHA1:	06B77307DCA5C889EA279243E74730CBC10801BE
SHA-256:	6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
SHA-512:	A4516B4F15EDB429F7B8CE3EA709D3777BFCC590838B1E113147E6BFB4DF0F34F0F2B24F6185D4E4277A77F75711BB470461B86AA507921AF037A6D22DF9278E
Malicious:	false
Reputation:	low
Preview:	{"profile-after-change":true,"final-ui-startup":true}{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

/home/user/.mozilla/firefox/v9nzj3nw.default/sessionstore-backups/recovery.jsonlz4.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	1346
Entropy (8bit):	6.542578583015671
Encrypted:	false
SSDEEP:	24:vwSUGZhZ7ZbDJZHh/vg9WuodxKuZ92qK3KSTFizQIQvSncQ0rOliu:YpWZ7Z5Zhg9wUuZJS/IQW0rNu
MD5:	65DDC9EDE45840B146D4CBC565B4E9E0
SHA1:	9667F52110565B521230D3236FCCED48DC056B8A
SHA-256:	454AF9DE18243DF44F775A762E0211BC5C7D5F19C7AC553E72704069DAB983FC
SHA-512:	68BEAC9ABE6F0086DE2DA09851C5B549FBF639EF35ECA05B48E77A5AC07D70821820BD8B44947037E296FA1DAE50E123C886FA868B16A74B77F9394DD31497DA
Malicious:	false
Reputation:	low
Preview:	mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...#url":"http://www.tm.a.prd.aadg.akadns.net/","title/....ID":0,"docshellUU...&"{c3a17129-eb1d-426b-90cb-87f85d642a46}","originalURIt...resultPrincip<...null,"triggering...._base64":"SmIS26zLEdO3ZQBgsLbOywA.....AEY="...Identifier...:persist":true}],"lastAccessed":1608279959106,"hidden":false,"mediaBlockedB..,"attribut....{},"userContextIds..index":1,"imag....favicon.ico","..HLoad....":"ZT4OTT7kRfqycpfCC8Aeu.......B3pRy0IA0EdOTmQAQS6D9QJIHOlRteE8wkTq4cYEyCMY;. C/...P.0FAB..."JGh0dHA6Ly93d3cudG0uYS5wcmQuYWFkZy5ha2FkbnMubmV0L<.....E...B.....0AH/..... Af.../ ..j..pAQAAACM......I0..K..k.....%CT@. AP...8...j.../0..C.../L....0=="..aselect...,"_closedT..u],"busy....width":"720","height":"517.5","screenX":"4...Y..`izemod...maximized...W...$..............2.1":{..iUpdate...14,"startTim..@4240m..centCrash...0},"globC....Bcookh.....S..!Stg....5.about:home..sNew Tab...2.......d3e5fbab-621b-4d0a-b2ac-26e7a93c1c87...Q.b.2Q..,.....

/home/user/.mozilla/firefox/v9nzj3nw.default/storage/permanent/chrome/idb/2918063365piupsah.sqlite-shm Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	4AE71336E44BF9BF79D2752E234818A5
SHA1:	E129F27C5103BC5CC44BCDF0A15E160D445066FF
SHA-256:	374708FFF7719DD5979EC875D56CD2286F6D3CF7EC317A3B25632AAB28EC37BB
SHA-512:	0B6CBAC838DFE7F47EA1BD0DF00EC282FDF45510C92161072CCFB84035390C4DA743D9C3B954EAA1B0F86FC9861B23CC6C8667AB232C11C686432EBB5C8C3F27
Malicious:	false
Reputation:	low
Preview:	................

/home/user/.mozilla/firefox/v9nzj3nw.default/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-shm Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	32
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	70BC8F4B72A86921468BF8E8441DCE51
SHA1:	DE8A847BFF8C343D69B853A215E6EE775EF2EF96
SHA-256:	66687AADF862BD776C8FC18B8E9F8E20089714856EE233B3902A591D0D5F2925
SHA-512:	5046ADC1DBA838867B2BBBFDD0C3423E58B57970B5267A90F57960924A87F1960A6A85EAA642DAC835424B5D7C8D637C00408C7A73DA672B7F498521420B6DD3
Malicious:	false
Reputation:	low
Preview:	................................

/home/user/.mozilla/firefox/v9nzj3nw.default/webappsstore.sqlite-shm Download File
Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	7DEA362B3FAC8E00956A4952A3D4F474
SHA1:	05FE405753166F125559E7C9AC558654F107C7E9
SHA-256:	AF5570F5A1810B7AF78CAF4BC70A660F0DF51E42BAF91D4DE5B2328DE0E83DFC
SHA-512:	1B7409CCF0D5A34D3A77EAABFA9FE27427655BE9297127EE9522AA1BF4046D4F945983678169CB1A7348EDCAC47EF0D9E2C924130E5BCC5F0D94937852C42F1B
Malicious:	false
Reputation:	low
Preview:	........

/home/user/.mozilla/firefox/v9nzj3nw.default/xulstore.json.tmp Download File
Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.401458263493336
Encrypted:	false
SSDEEP:	3:YGNDhK6c2us1pQJgIl8dJ8KgfHwFn:YGNKIJ8KgfQFn
MD5:	9FA17B5039BA9CB47B094F86FA6E5619
SHA1:	8618F797EA7972566321BEF3B539AF5F6E1406AE
SHA-256:	EB13A5A21EE5C2374BA74F5A8D98FDE6971BCA99D7B9EC27B5095C164A0410B8
SHA-512:	0C6809724306D92182A6E00242A1708A5B5C2558A28A56D09EBC202C7A681487F655B2AAC2697975FFB35E7206C42E23C0D5A291C5D33B0D8C0E1370C709D1F5
Malicious:	false
Reputation:	low
Preview:	{"chrome://browser/content/browser.xul":{"main-window":{"sizemode":"maximized"}}}

/tmp/tmpaddon Download File
Process:	/usr/lib/firefox/firefox
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	525838
Entropy (8bit):	7.992011582045725
Encrypted:	true
SSDEEP:	6144:fH96w9G/EB7uVRo9yYvJbu6nCs0F1hLi5q+jJYbBVLbPscKsJvUb4XPwmyPNJ+yr:l6+6VRZYxANhLeIDA2e4XPICtcv834
MD5:	9A7506FE5AA45F16EEF764A98EF44042
SHA1:	E5D0957A0EA1984784AC55CC73AC2EA966B7F637
SHA-256:	3BC594EDEEC478DA9FC407897F7E0508B945E2339918D99CE1D2C45E083814D5
SHA-512:	26AFF72C3D546E2A759F01C6E7329F32D2EC3993D3B2DA937614D792CDC1A20E222E39CB8055BFAD1B958081E4EC5209071EE5BDEE855C876E32DDA56D7D0BEE
Malicious:	false
Reputation:	low
Preview:	PK........ ..K.a.a...t.......gmpopenh264.infoUT......Y...Yux..............K.M.RH.-./H..023.rI-N..,(...Rp..P..)M..SH./R.......K-..0.3.3.r..,.RH.K.OI.-.LI.............PK......../..K..V2U....y......libgmpopenh264.soUT...)..Y)..Yux..............].\S... "bDT......b.UP......^"E...b..=.]c=..w..5....7..z.'....w..ss/L6.........{.....q._..-..K.[...R.-...rn.)..M...lI...-yO.......).#.....{zu..%...w...<..N...{..+.i._....>.9...O...H.g.K.Z....=..:................-..jy'....mu".5\...c..\)R.W....<.4..36.....2.2...9n.$.....WQ.2...X.Sm=.2....L:..yR;..2"ci...........{...3.4.+!3n.JU..9...rNj.-1V.x....c"..j...}....._-i.../7.ZK+.g\|.T,.c^5(.t...\e].^e..I..;gpr.X.2.L."...<...X.I..j.<L8.<{....t(...7RYH...+..D&\...~....Ld.IE..3.:.....rv.8....4.....Frf.Db...=.U...yf3..2cSN&..r...&..u9.....Y..%.U\.g6Z^..../w.......IEF9&..3.9.X.o.p....:S\......Is.l ....q...m..\....c../.!m7.M.\|l.....4....T&.ff&..L$z.q`....X.\5..".iV.3.rNdy.2...\|...s........w.*.!..Le....716"....

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 83
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2020 08:25:56.825375080 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:56.993407965 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:56.993669987 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:56.993743896 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.162045002 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:57.162853003 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:57.162900925 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:57.162936926 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:57.163022995 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.163074970 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.163083076 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.174609900 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.181315899 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.342819929 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:57.352617979 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:25:57.352791071 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:25:57.387337923 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.555672884 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.555821896 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.556015015 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.724236965 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.726905107 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.726929903 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.726943970 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.727081060 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.727900982 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.727916956 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.736532927 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.736610889 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:25:57.904673100 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.904738903 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.907568932 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:25:57.907746077 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:07.351564884 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:07.519659042 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:07.907589912 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:08.075653076 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:26:16.525672913 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.537728071 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.537877083 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.538119078 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.550075054 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.551151991 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.551171064 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.551188946 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.551223993 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.552386999 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.552392006 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.556106091 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.556447029 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.556478024 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.568352938 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.568375111 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.568382978 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.568391085 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.569118023 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.585692883 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.722239971 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.722275972 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.722343922 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:16.723021984 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.723061085 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:26:16.735186100 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:26:17.540086031 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:17.707983971 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:18.084110975 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:18.252194881 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:26:27.716531038 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:27.884448051 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:28.260587931 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:28.428658009 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:26:37.893119097 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:38.061116934 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:38.437175989 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:38.605667114 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:26:48.069581985 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:48.237859011 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:48.613626003 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:48.782511950 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:26:54.835855961 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.001755953 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.002079010 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.002444983 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.168109894 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.169316053 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.169337988 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.169348955 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.169472933 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.172820091 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.172847986 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.192116022 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.194155931 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.358115911 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.397959948 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:55.403821945 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.448879957 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:26:55.449187994 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:26:57.494177103 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:57.494559050 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:57.662866116 CET	443	33908	44.237.173.75	192.168.2.20
Dec 18, 2020 08:26:57.663024902 CET	33908	443	192.168.2.20	44.237.173.75
Dec 18, 2020 08:26:58.790281057 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:26:58.958534956 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:05.455904961 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:27:05.651624918 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:27:08.966630936 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:09.134862900 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:14.826109886 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:27:14.838144064 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:27:14.838181973 CET	443	45524	35.244.181.201	192.168.2.20
Dec 18, 2020 08:27:14.874834061 CET	45524	443	192.168.2.20	35.244.181.201
Dec 18, 2020 08:27:15.654892921 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:27:15.820548058 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:27:19.143150091 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:19.311465979 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:25.831347942 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:27:25.996882915 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:27:29.319506884 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:29.487946987 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:36.007894039 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:27:36.174010992 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:27:39.496120930 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:39.664439917 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:46.184318066 CET	35936	443	192.168.2.20	54.201.107.8
Dec 18, 2020 08:27:46.350054026 CET	443	35936	54.201.107.8	192.168.2.20
Dec 18, 2020 08:27:49.672638893 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:49.840913057 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:53.006831884 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:53.007050037 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:53.175419092 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:53.175451040 CET	443	36414	34.213.158.239	192.168.2.20
Dec 18, 2020 08:27:53.175616026 CET	36414	443	192.168.2.20	34.213.158.239
Dec 18, 2020 08:27:53.175657988 CET	36414	443	192.168.2.20	34.213.158.239

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2020 08:25:56.181396961 CET	60529	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:56.181440115 CET	60529	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:56.214282990 CET	53	60529	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:56.216012955 CET	53	60529	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:56.808420897 CET	33701	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:56.808487892 CET	33701	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:56.821865082 CET	53	33701	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:56.824486971 CET	53	33701	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:57.250149965 CET	37170	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:57.250226021 CET	37170	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:57.263410091 CET	53	37170	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:57.274705887 CET	53	37170	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:57.373022079 CET	59776	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:57.373101950 CET	59776	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:25:57.386115074 CET	53	59776	8.8.8.8	192.168.2.20
Dec 18, 2020 08:25:57.386286974 CET	53	59776	8.8.8.8	192.168.2.20
Dec 18, 2020 08:26:16.511030912 CET	53921	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:26:16.511063099 CET	53921	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:26:16.523262978 CET	53	53921	8.8.8.8	192.168.2.20
Dec 18, 2020 08:26:16.524482965 CET	53	53921	8.8.8.8	192.168.2.20
Dec 18, 2020 08:26:16.750158072 CET	45399	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:26:16.753053904 CET	45399	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:26:16.790755033 CET	53	45399	8.8.8.8	192.168.2.20
Dec 18, 2020 08:26:16.792689085 CET	53	45399	8.8.8.8	192.168.2.20
Dec 18, 2020 08:26:54.822825909 CET	55559	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:26:54.822885990 CET	55559	53	192.168.2.20	8.8.8.8
Dec 18, 2020 08:26:54.835239887 CET	53	55559	8.8.8.8	192.168.2.20
Dec 18, 2020 08:26:54.835268974 CET	53	55559	8.8.8.8	192.168.2.20

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 18, 2020 08:25:56.821865082 CET	8.8.8.8	192.168.2.20	0x6a9a	No error (0)	locprod2-elb-us-west-2.prod.mozaws.net		44.237.173.75	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:56.821865082 CET	8.8.8.8	192.168.2.20	0x6a9a	No error (0)	locprod2-elb-us-west-2.prod.mozaws.net		52.41.252.192	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:56.821865082 CET	8.8.8.8	192.168.2.20	0x6a9a	No error (0)	locprod2-elb-us-west-2.prod.mozaws.net		34.210.121.31	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:56.821865082 CET	8.8.8.8	192.168.2.20	0x6a9a	No error (0)	locprod2-elb-us-west-2.prod.mozaws.net		52.42.151.74	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:56.821865082 CET	8.8.8.8	192.168.2.20	0x6a9a	No error (0)	locprod2-elb-us-west-2.prod.mozaws.net		34.216.198.143	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:56.821865082 CET	8.8.8.8	192.168.2.20	0x6a9a	No error (0)	locprod2-elb-us-west-2.prod.mozaws.net		44.238.41.205	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:57.386115074 CET	8.8.8.8	192.168.2.20	0x64f2	No error (0)	search.r53-2.services.mozilla.com		34.213.158.239	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:57.386115074 CET	8.8.8.8	192.168.2.20	0x64f2	No error (0)	search.r53-2.services.mozilla.com		52.38.202.57	A (IP address)	IN (0x0001)
Dec 18, 2020 08:25:57.386115074 CET	8.8.8.8	192.168.2.20	0x64f2	No error (0)	search.r53-2.services.mozilla.com		35.167.169.250	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:16.523262978 CET	8.8.8.8	192.168.2.20	0xa4c3	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:16.523262978 CET	8.8.8.8	192.168.2.20	0xa4c3	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:16.524482965 CET	8.8.8.8	192.168.2.20	0xefe5	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:16.790755033 CET	8.8.8.8	192.168.2.20	0x6aaf	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:16.790755033 CET	8.8.8.8	192.168.2.20	0x6aaf	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:16.792689085 CET	8.8.8.8	192.168.2.20	0x1d92	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:16.792689085 CET	8.8.8.8	192.168.2.20	0x1d92	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	telemetry-incoming.r53-2.services.mozilla.com	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		54.201.107.8	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		52.89.14.226	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		34.210.178.76	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		52.39.2.52	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		52.34.254.140	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		52.10.162.146	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		44.227.11.155	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835239887 CET	8.8.8.8	192.168.2.20	0x185e	No error (0)	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		54.148.237.155	A (IP address)	IN (0x0001)
Dec 18, 2020 08:26:54.835268974 CET	8.8.8.8	192.168.2.20	0xe542	No error (0)	telemetry-incoming.r53-2.services.mozilla.com	pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Dec 18, 2020 08:25:57.162936926 CET	44.237.173.75	443	192.168.2.20	33908	CN=location.services.mozilla.com, OU=Cloud Services, O=Mozilla Corporation, L=Mountain View, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue May 21 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013	Fri Aug 20 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-13,29-23-24-25,0	0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:25:57.162936926 CET	44.237.173.75	443	192.168.2.20	33908	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:25:57.726943970 CET	34.213.158.239	443	192.168.2.20	36414	CN=*.services.mozilla.com, OU=Cloud Services, O=Mozilla Corporation, L=Mountain View, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Dec 10 01:00:00 CET 2019 Fri Mar 08 13:00:00 CET 2013	Thu Feb 10 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-13,29-23-24-25,0	0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:25:57.726943970 CET	34.213.158.239	443	192.168.2.20	36414	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:26:16.551188946 CET	35.244.181.201	443	192.168.2.20	45524	CN=aus5.mozilla.org, OU=Cloud Services, O=Mozilla Corporation, L=Mountain View, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 27 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013	Wed Jun 16 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-13,29-23-24-25,0	0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:26:16.551188946 CET	35.244.181.201	443	192.168.2.20	45524	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:26:55.169348955 CET	54.201.107.8	443	192.168.2.20	35936	CN=*.telemetry.mozilla.org, OU=Cloud Services, O=Mozilla Corporation, L=Mountain View, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Aug 24 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Oct 28 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-13,29-23-24-25,0	0ffee3ba8e615ad22535e7f771690a28
Dec 18, 2020 08:26:55.169348955 CET	54.201.107.8	443	192.168.2.20	35936	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		0ffee3ba8e615ad22535e7f771690a28

System Behavior

Analysis Process: exo-open PID: 4624 Parent PID: 4549

General

Start time:	08:25:52
Start date:	18/12/2020
Path:	/usr/bin/exo-open
Arguments:	exo-open http://www.tm.a.prd.aadg.akadns.net
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

File Activities

File Opened

File Read

Directory Enumerated

Directory Created

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: exo-open PID: 4633 Parent PID: 4624

General

Start time:	08:25:52
Start date:	18/12/2020
Path:	/usr/bin/exo-open
Arguments:	n/a
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

Process Activities

Process Forked

Chronological Activities

Analysis Process: exo-open PID: 4634 Parent PID: 4633

General

Start time:	08:25:52
Start date:	18/12/2020
Path:	/usr/bin/exo-open
Arguments:	n/a
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: exo-helper-1 PID: 4634 Parent PID: 3310

General

Start time:	08:25:52
Start date:	18/12/2020
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://www.tm.a.prd.aadg.akadns.net
File size:	63560 bytes
MD5 hash:	c27a648e34ba5ce625d064af015be147

File Activities

File Opened

File Read

Directory Created

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: exo-helper-1 PID: 4643 Parent PID: 4634

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
Arguments:	n/a
File size:	63560 bytes
MD5 hash:	c27a648e34ba5ce625d064af015be147

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: sensible-browser PID: 4643 Parent PID: 4634

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/bin/sensible-browser
Arguments:	/bin/sh /usr/bin/sensible-browser http://www.tm.a.prd.aadg.akadns.net
File size:	1132 bytes
MD5 hash:	a5909f49ad9c97574d2b4c49cc24905d

File Activities

File Opened

File Read

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: x-www-browser PID: 4643 Parent PID: 4634

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/bin/x-www-browser
Arguments:	/bin/sh /usr/bin/x-www-browser http://www.tm.a.prd.aadg.akadns.net
File size:	31 bytes
MD5 hash:	42b33a4578e4a51d8a5d1010c466a9d7

File Activities

File Opened

File Read

Process Activities

Process Forked

Process Overlayed (Execve)

Chronological Activities

Analysis Process: x-www-browser PID: 4644 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/bin/x-www-browser
Arguments:	n/a
File size:	31 bytes
MD5 hash:	42b33a4578e4a51d8a5d1010c466a9d7

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: which PID: 4644 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/bin/which
Arguments:	/bin/sh /usr/bin/which /usr/bin/x-www-browser
File size:	10 bytes
MD5 hash:	e942f154ef9d9974366551d2d231d936

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: firefox PID: 4643 Parent PID: 4634

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox http://www.tm.a.prd.aadg.akadns.net
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

File Deleted

File Read

File Written

File Moved

Directory Enumerated

Directory Created

Directory Deleted

Symbolic Link Created

Permission Modified

Process Activities

Process Forked

Prctl Requested

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4648 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

Analysis Process: firefox PID: 4679 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

File Read

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4692 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: dbus-launch PID: 4692 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/bin/dbus-launch
Arguments:	dbus-launch --autolaunch f0b45546524a75b2e6e8e8a55aab94da --binary-syntax --close-stderr
File size:	26616 bytes
MD5 hash:	e4a469f27d130d783c21ce9c1c4456c3

File Activities

File Opened

File Read

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4702 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: lsb_release PID: 4702 Parent PID: 4643

General

Start time:	08:25:53
Start date:	18/12/2020
Path:	/usr/bin/lsb_release
Arguments:	/usr/bin/python3 -Es /usr/bin/lsb_release -idrc
File size:	3638 bytes
MD5 hash:	18cba7de7bfedd0d9f027bd1c54cc2b2

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: firefox PID: 4721 Parent PID: 4643

General

Start time:	08:25:54
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: dbus-launch PID: 4721 Parent PID: 4643

General

Start time:	08:25:54
Start date:	18/12/2020
Path:	/usr/bin/dbus-launch
Arguments:	dbus-launch --autolaunch=f0b45546524a75b2e6e8e8a55aab94da --binary-syntax --close-stderr
File size:	26616 bytes
MD5 hash:	e4a469f27d130d783c21ce9c1c4456c3

File Activities

File Opened

File Read

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4749 Parent PID: 4643

General

Start time:	08:25:54
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: firefox PID: 4749 Parent PID: 4643

General

Start time:	08:25:54
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -intPrefs 6:50\|7:-1\|19:0\|34:1000\|42:20\|43:5\|44:10\|51:0\|57:128\|58:10000\|63:0\|65:400\|66:1\|67:0\|68:0\|69:100\|74:0\|75:120\|76:120\|159:2\|160:1\|164:60\|165:30\|166:512000\|175:5000\|177:6\|191:8192\|192:524288\|193:5\|206:10000\|227:24\|228:32768\|230:0\|231:0\|240:5\|244:1048576\|246:100\|247:5000\|249:600\|250:4\|251:1\|260:2000\|277:3\|290:60000\|308:300\|309:30\| -boolPrefs 1:0\|2:0\|4:1\|5:0\|24:1\|27:0\|28:1\|29:1\|31:1\|32:1\|33:1\|36:0\|37:0\|38:1\|41:1\|45:1\|46:0\|47:0\|48:1\|49:1\|50:1\|52:0\|55:1\|56:1\|59:0\|60:0\|61:0\|62:0\|64:0\|70:1\|71:1\|72:0\|73:1\|77:1\|78:1\|79:0\|80:0\|81:1\|82:1\|83:0\|84:1\|87:0\|88:0\|91:1\|92:1\|96:1\|97:1\|98:0\|99:1\|100:0\|101:0\|103:0\|104:0\|105:1\|106:1\|107:1\|110:1\|111:1\|112:1\|113:1\|114:1\|115:0\|116:0\|117:0\|119:0\|120:1\|121:1\|122:0\|123:0\|124:0\|125:0\|127:1\|128:0\|129:1\|130:1\|131:1\|132:0\|133:0\|134:1\|135:1\|136:1\|137:1\|138:0\|139:1\|140:1\|141:1\|142:1\|143:1\|144:1\|145:0\|146:1\|147:1\|148:0\|1 50:0\|152:0\|153:0\|154:0\|155:1\|156:1\|157:1\|158:1\|161:1\|162:0\|172:0\|173:0\|174:1\|178:0\|180:1\|181:0\|182:1\|184:1\|186:0\|187:0\|190:0\|194:1\|195:0\|196:1\|197:1\|198:0\|201:1\|205:1\|207:1\|208:0\|210:1\|213:0\|225:0\|226:0\|229:0\|232:0\|234:1\|235:1\|237:1\|238:0\|245:1\|248:1\|253:0\|254:0\|255:0\|256:1\|257:1\|258:0\|259:1\|264:0\|267:1\|268:1\|269:1\|270:1\|271:1\|272:0\|273:0\|279:1\|282:0\|283:0\|284:1\|285:1\|286:0\|287:1\|288:1\|289:1\|291:0\|292:0\|294:0\|303:1\|304:1\|305:0\|306:0\|307:0\| -stringPrefs "3:7;release\|151:0;\|212:3;1.0\|223:332; \\u00A0\\u00BC\\u00BD\\u00BE\\u01C3\\u02D0\\u0337\\u0338\\u0589\\u058A\\u05C3\\u05F4\\u0609\\u060A\\u066A\\u06D4\\u0701\\u0702\\u0703\\u0704\\u115F\\u1160\\u1735\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200A\\u200B\\u200E\\u200F\\u2010\\u2019\\u2024\\u2027\\u2028\\u2029\\u202A\\u202B\\u202C\\u202D\\u202E\\u202F\\u2039\\u203A\\u2041\\u2044\\u2052\\u205F\\u2153\\u2154\\u2155\\u2156\\u2157\\u2158\\u2159\\u215A\\u215B\\u215C\\u215D\\u215E\\u215F\\u2215\\u2236\\u23AE\\u2571\\u29F6\\u29F8\\u2AFB\\u2AFD\\u2FF0\\u2FF1" -schedulerPrefs 0001,2 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4643 true tab
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

File Deleted

File Read

Directory Enumerated

Process Activities

Prctl Requested

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4805 Parent PID: 4643

General

Start time:	08:25:56
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	n/a
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Chronological Activities

Analysis Process: firefox PID: 4805 Parent PID: 4643

General

Start time:	08:25:56
Start date:	18/12/2020
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -intPrefs 6:50\|7:-1\|19:0\|34:1000\|42:20\|43:5\|44:10\|51:0\|57:128\|58:10000\|63:0\|65:400\|66:1\|67:0\|68:0\|69:100\|74:0\|75:120\|76:120\|159:2\|160:1\|164:60\|165:30\|166:512000\|175:5000\|177:6\|191:8192\|192:524288\|193:5\|206:10000\|227:24\|228:32768\|230:0\|231:0\|240:5\|244:1048576\|246:100\|247:5000\|249:600\|250:4\|251:1\|260:2000\|277:3\|290:60000\|308:300\|309:30\| -boolPrefs 1:0\|2:0\|4:1\|5:0\|24:1\|27:0\|28:1\|29:1\|31:1\|32:1\|33:1\|36:0\|37:0\|38:1\|41:1\|45:1\|46:0\|47:0\|48:1\|49:1\|50:1\|52:0\|55:1\|56:1\|59:0\|60:0\|61:0\|62:0\|64:0\|70:1\|71:1\|72:0\|73:1\|77:1\|78:1\|79:0\|80:0\|81:1\|82:1\|83:0\|84:1\|87:0\|88:0\|91:1\|92:1\|96:1\|97:1\|98:0\|99:1\|100:0\|101:0\|103:0\|104:0\|105:1\|106:1\|107:1\|110:1\|111:1\|112:1\|113:1\|114:1\|115:0\|116:0\|117:0\|119:0\|120:1\|121:1\|122:0\|123:0\|124:0\|125:0\|127:1\|128:0\|129:1\|130:1\|131:1\|132:0\|133:0\|134:1\|135:1\|136:1\|137:1\|138:0\|139:1\|140:1\|141:1\|142:1\|143:1\|144:1\|145:0\|146:1\|147:1\|148:0\|1 50:0\|152:0\|153:0\|154:0\|155:1\|156:1\|157:1\|158:1\|161:1\|162:0\|172:0\|173:0\|174:1\|178:0\|180:1\|181:0\|182:1\|184:1\|186:0\|187:0\|190:0\|194:1\|195:0\|196:1\|197:1\|198:0\|201:1\|205:1\|207:1\|208:0\|210:1\|213:0\|225:0\|226:0\|229:0\|232:0\|234:1\|235:1\|237:1\|238:0\|245:1\|248:1\|253:0\|254:0\|255:0\|256:1\|257:1\|258:0\|259:1\|264:0\|267:1\|268:1\|269:1\|270:1\|271:1\|272:0\|273:0\|279:1\|282:0\|283:0\|284:1\|285:1\|286:0\|287:1\|288:1\|289:1\|291:0\|292:0\|294:0\|303:1\|304:1\|305:0\|306:0\|307:0\| -stringPrefs "3:7;release\|151:0;\|212:3;1.0\|223:332; \\u00A0\\u00BC\\u00BD\\u00BE\\u01C3\\u02D0\\u0337\\u0338\\u0589\\u058A\\u05C3\\u05F4\\u0609\\u060A\\u066A\\u06D4\\u0701\\u0702\\u0703\\u0704\\u115F\\u1160\\u1735\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200A\\u200B\\u200E\\u200F\\u2010\\u2019\\u2024\\u2027\\u2028\\u2029\\u202A\\u202B\\u202C\\u202D\\u202E\\u202F\\u2039\\u203A\\u2041\\u2044\\u2052\\u205F\\u2153\\u2154\\u2155\\u2156\\u2157\\u2158\\u2159\\u215A\\u215B\\u215C\\u215D\\u215E\\u215F\\u2215\\u2236\\u23AE\\u2571\\u29F6\\u29F8\\u2AFB\\u2AFD\\u2FF0\\u2FF1" -schedulerPrefs 0001,2 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4643 true tab
File size:	198896 bytes
MD5 hash:	a4440256f73e7450b27eeb48d0d5f804

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://www.tm.a.prd.aadg.akadns.net

Overview

General Information

Detection

Signatures

Classification

Startup

Yara Overview

Signature Overview

Networking:

System Summary:

Persistence and Installation Behavior:

Malware Analysis System Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Answers

HTTPS Packets

System Behavior

Analysis Process: exo-open PID: 4624 Parent PID: 4549

General

File Activities

File Opened

File Read

Directory Enumerated

Directory Created

Process Activities

Process Forked

System Activities

Query System Information (uname)

Analysis Process: exo-open PID: 4633 Parent PID: 4624

General

Process Activities

Process Forked

Analysis Process: exo-open PID: 4634 Parent PID: 4633

General

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Execve)

Analysis Process: exo-helper-1 PID: 4634 Parent PID: 3310

General

File Activities

File Opened

File Read

Directory Created