Linux Analysis Report
https://airmarkcomponents.com/

Overview

General Information

Sample URL: https://airmarkcomponents.com/
Analysis ID: 1501760
Detection

Score: 2
Range: 0 - 100
Whitelisted: false

Signatures

Creates hidden files and/or directories
Creates hidden files without content (potentially used as a mutex)
Queries the installed Ubuntu/CentOS release
Reads the 'hosts' file potentially containing internal network hosts
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58566 version: TLS 1.2
Source: /usr/lib/firefox/firefox (PID: 4749) Reads hosts file: /etc/hosts
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: airmarkcomponents.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
Source: global traffic HTTP traffic detected:
  GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1
  Host: snippets.cdn.mozilla.net
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730 HTTP/1.1
  Host: qltuh.algiedideneb.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
Source: global traffic HTTP traffic detected:
  GET /space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963 HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
Source: global traffic HTTP traffic detected:
  GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1
  Host: snippets.cdn.mozilla.net
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /space-robot/assets/trls.js HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /space-robot/assets/style.css?v=5 HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: text/css,*/*;q=0.1
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /space-robot/assets/main.js?v=3 HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /shared-js/assets/static-pl.js?v=4 HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /space-robot/assets/corner.png HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: image/webp,*/*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5 HTTP/1.1
  Host: cdnstatic.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: image/webp,*/*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /space-robot/assets/favicon-16x16.png HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: image/webp,*/*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET /ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ HTTP/1.1
  Host: cdnstatic.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&nrid=de31d1cd52d74e28bde7668b9e540ce5&hash=s38RJoCM1jVSTvs8F6cz6w&exp=1725014963
  Connection: keep-alive
  Cookie: __psu=5bae6dc6-cff2-4d35-8c46-e4e147c7e338
Source: global traffic HTTP traffic detected:
  GET /sw-707a7d0735647f53a9228ce50d13ab46.js HTTP/1.1
  Host: qltuh.check-tl-ver-108-a.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Service-Worker: script
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1
  Host: aus5.mozilla.org
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: push.services.mozilla.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Sec-WebSocket-Version: 13
  Origin: wss://push.services.mozilla.com/
  Sec-WebSocket-Protocol: push-notification
  Sec-WebSocket-Extensions: permessage-deflate
  Sec-WebSocket-Key: c6kBy8Q962evQN09480c7A==
  Connection: keep-alive, Upgrade
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade: websocket
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: push.services.mozilla.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Sec-WebSocket-Version: 13
  Origin: wss://push.services.mozilla.com/
  Sec-WebSocket-Protocol: push-notification
  Sec-WebSocket-Extensions: permessage-deflate
  Sec-WebSocket-Key: m+gHMIH+bM+IXrbp144tUg==
  Connection: keep-alive, Upgrade
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade: websocket
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: push.services.mozilla.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Sec-WebSocket-Version: 13
  Origin: wss://push.services.mozilla.com/
  Sec-WebSocket-Protocol: push-notification
  Sec-WebSocket-Extensions: permessage-deflate
  Sec-WebSocket-Key: gzH4mgj0m04q25/HFLUzOQ==
  Connection: keep-alive, Upgrade
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade: websocket
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: push.services.mozilla.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Sec-WebSocket-Version: 13
  Origin: wss://push.services.mozilla.com/
  Sec-WebSocket-Protocol: push-notification
  Sec-WebSocket-Extensions: permessage-deflate
  Sec-WebSocket-Key: 2m+e3cL0QOajGC13MGedSQ==
  Connection: keep-alive, Upgrade
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade: websocket
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: push.services.mozilla.com
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Sec-WebSocket-Version: 13
  Origin: wss://push.services.mozilla.com/
  Sec-WebSocket-Protocol: push-notification
  Sec-WebSocket-Extensions: permessage-deflate
  Sec-WebSocket-Key: mG0Ahy8ERvDWimCnq72XWQ==
  Connection: keep-alive, Upgrade
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade: websocket
Source: global traffic DNS traffic detected: DNS query: airmarkcomponents.com
Source: global traffic DNS traffic detected: DNS query: qltuh.algiedideneb.com
Source: global traffic DNS traffic detected: DNS query: qltuh.check-tl-ver-108-a.com
Source: global traffic DNS traffic detected: DNS query: cdnstatic.check-tl-ver-108-a.com
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: places.sqlite-wal.34.dr String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.34.dr String found in binary or memory: https://airmarkcomponents.com
Source: 3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F.34.dr, F044322FA5BF290DD59313620194059BDC3D6C98.34.dr String found in binary or memory: https://airmarkcomponents.com/
Source: places.sqlite-wal.34.dr String found in binary or memory: https://airmarkcomponents.com/moc.stnenopmockramria.
Source: F044322FA5BF290DD59313620194059BDC3D6C98.34.dr String found in binary or memory: https://airmarkcomponents.com/predictor::seen1
Source: places.sqlite-wal.34.dr String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: 3D18B3B7E73CB9205101A761EB49BAE007D291B0.34.dr String found in binary or memory: https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=
Source: 8F43299B2BBC180803AAE2295F17077D2C87FC5E.34.dr, 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff21
Source: webext.sc.lz4.tmp.34.dr String found in binary or memory: https://github.com/
Source: 3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr String found in binary or memory: https://js.streampsh.top
Source: 3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr String found in binary or memory: https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: https://pki.goog/repository/0
Source: places.sqlite-wal.34.dr String found in binary or memory: https://qltuh.algiedideneb.com
Source: 3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F.34.dr String found in binary or memory: https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730
Source: places.sqlite-wal.34.dr String found in binary or memory: https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730moc.benedidei
Source: places.sqlite-wal.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com
Source: places.sqlite-wal.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com($
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, 3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=4
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=41
Source: places.sqlite-wal.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, FECDC94F0E7BAF8E66A29D10078DC7C9E82E2A2B.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png1
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, A9DB122571F6E7BBF5B17F0B73306BED943AF492.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=3
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=31
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, 3897E273C86B69E7EC90C667F04ACC4F68CD01F9.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=5
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=51
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr, A32D31641179C3E5616066431ABEF74C58BB525A.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js
Source: 3FE38C9C3C92A20A0349E3495766F11D3CA2EC60.34.dr String found in binary or memory: https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js1
Source: 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr String found in binary or memory: https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr, 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: places.sqlite-wal.34.dr String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: cert9.db-journal.34.dr, cert9.db.34.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: classification engine Classification label: clean2.lin@0/73@26/0
Source: /usr/bin/exo-open (PID: 4734) Directory: /home/james/.Xauthority
Source: /usr/bin/exo-open (PID: 4734) Directory: /home/james/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742) Directory: /home/james/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742) Directory: /home/james/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742) Directory: /home/james/.local
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742) Directory: /home/james/.config
Source: /usr/lib/firefox/firefox (PID: 4749) Directory: /home/james/.Xauthority
Source: /usr/lib/firefox/firefox (PID: 4749) File: /tmp/firefox_james/.parentlock
Source: /usr/lib/firefox/firefox (PID: 4749) File: /home/james/.mozilla/firefox/5zxot757.default/.parentlock
Source: /usr/lib/firefox/firefox (PID: 4749) File: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete
Source: /usr/lib/firefox/firefox (PID: 4749) Directory: /home/james/.Xdefaults-ubuntu
Source: /usr/lib/firefox/firefox (PID: 4749) Directory: /home/james/.mime.types
Source: /usr/lib/firefox/firefox (PID: 4749) Directory: /home/james/.mozilla/firefox/5zxot757.default/storage/permanent/chrome/.metadata-v2
Source: /usr/lib/firefox/firefox (PID: 4749) Directory: /home/james/.mailcap
Source: /usr/lib/firefox/firefox (PID: 4749) File: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-tmp
Source: /usr/lib/firefox/firefox (PID: 4749) File: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-v2-tmp
Source: /usr/lib/firefox/firefox (PID: 4749) File: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/cache/.padding
Source: /usr/lib/firefox/firefox (PID: 4749) Directory: /home/james/.cache
Source: /usr/lib/firefox/firefox (PID: 4777) Directory: /home/james/.Xauthority
Source: /usr/lib/firefox/firefox (PID: 4777) Directory: /home/james/.drirc
Source: /usr/bin/dbus-launch (PID: 4811) Directory: /home/james/.Xauthority
Source: /usr/lib/firefox/firefox (PID: 4887) Directory: /home/james/.Xauthority
Source: /usr/lib/firefox/firefox (PID: 4963) Directory: /home/james/.Xauthority
Source: /usr/lib/firefox/firefox (PID: 5001) Directory: /home/james/.Xauthority
Source: /usr/lib/firefox/firefox (PID: 4749) Empty hidden file: /tmp/firefox_james/.parentlock
Source: /usr/lib/firefox/firefox (PID: 4749) Empty hidden file: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete
Source: /usr/lib/firefox/firefox (PID: 4749) Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/.parentlock
Source: /usr/lib/firefox/firefox (PID: 4749) Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/cache/.padding
Source: /usr/lib/firefox/firefox (PID: 4749) Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-tmp
Source: /usr/lib/firefox/firefox (PID: 4749) Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/storage/default/https+++qltuh.check-tl-ver-108-a.com/.metadata-v2-tmp
Source: /usr/bin/exo-open (PID: 4734) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4742) Queries kernel information via 'uname'
Source: /usr/lib/firefox/firefox (PID: 4749) Queries kernel information via 'uname'
Source: /usr/lib/firefox/firefox (PID: 4777) Queries kernel information via 'uname'
Source: /usr/bin/dbus-launch (PID: 4811) Queries kernel information via 'uname'
Source: /usr/lib/firefox/firefox (PID: 4887) Queries kernel information via 'uname'
Source: /usr/lib/firefox/firefox (PID: 4963) Queries kernel information via 'uname'
Source: /usr/lib/firefox/firefox (PID: 5001) Queries kernel information via 'uname'
Source: /usr/lib/firefox/firefox (PID: 4791) Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc