Linux Analysis Report
http://selfservicegeneraligroup.com

Overview

General Information

Sample URL:	http://selfservicegeneraligroup.com
Analysis ID:	1427195
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false

Signatures

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Queries the installed Ubuntu/CentOS release

Reads the 'hosts' file potentially containing internal network hosts

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58570 version: TLS 1.2

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/lib/firefox/firefox (PID: 4800)

Reads hosts file: /etc/hosts

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002%2C000003%2C002843%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fselfservicegeneraligroup.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%253D&terms=Self%20Service%20Software%2C%E2%80%AASAP%20Netweaver%2COnline%20Registration%20Software%2CHelp%20Desk%20Ticket%20System%2COnboarding%20Software&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2105895058331848&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301447%2C17301481&client_gdprApplies=0&format=r3%7Cs&nocache=6991713335685068&num=0&output=afd_ads&domain_name=selfservicegeneraligroup.com&v=3&bsl=8&pac=2&u_his=1&u_tz=120&dt=1713335685071&u_w=1024&u_h=768&biw=1009&bih=616&psw=1009&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=623135625&rurl=http%3A%2F%2Fselfservicegeneraligroup.com%2F HTTP/1.1Host: www.adsensecustomsearchads.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://selfservicegeneraligroup.com/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://selfservicegeneraligroup.com/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcv HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm- HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcvConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /js/bg/KTA1qoE7ZDz05UuzGBms7CVmuC34sZ4nnXwNjg065Po.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcvConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&uid=MTcxMzMzNTY4NC42Mzg2OjVmMjExNDhkOTQ3ODAyM2UyODBlYzE0YWFmNmIyNDhlOTQ5YWEzMTNiYmM4MzYzM2IxMjg1OThkYzlmNTBmOTg6NjYxZjZkODQ5YmU5Yg%3D%3D HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /ls.php?t=661f6d84&token=10021f01e7cae7e812aa3877ca8fac12fac0f1d8 HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1 HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive

Source: unknown

DNS traffic detected: queries for: selfservicegeneraligroup.com

Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr, 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png1
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.pngnecko:classi
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com
Source: recovery.jsonlz4.tmp.34.dr, 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/
Source: 8E6243BCB240F8914D10249076C524BAE347081E.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/favicon.ico
Source: 8E6243BCB240F8914D10249076C524BAE347081E.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.
Source: 2F4087E4267A59C0FFA634FA9D0E00268729B4DC.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/ls.php?t=661f6d84&token=10021f01e7cae7e812aa3877ca8fac12fac0f1d8
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/moc.puorgilarenegecivresfles.d
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/necko:classified1strongly-framed1request-methodGETrequest-Accept
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/predictor::seen1predictor::resource-count3predictor::http://d38p
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/selfservicegeneraligroup.commoc.puorgilarenegecivresfles.d
Source: 37D23FAB5FB546A476E38CD3870F42D926504EC7.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&u
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.comd
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://www.google.com/
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://www.google.com/1
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr, 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=11
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1necko:classified1strongly-framed1request-methodGET
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/ads-afs-ui
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/gws/other
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/ads-afs-ui
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/other
Source: webext.sc.lz4.tmp.34.dr	String found in binary or memory: https://github.com/
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: https://partner.googleadservices.com/
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: https://partner.googleadservices.com/1
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js?domain=selfservicegeneraligroup.com&client=dp-
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr, 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com
Source: A63C11DE5F2C5CEF985CF75DF4EFB9ECC9BF06B8.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com/
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002%
Source: A63C11DE5F2C5CEF985CF75DF4EFB9ECC9BF06B8.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com/predictor::seen1
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%
Source: E6D3854E385D14EBC6F74CDE30437FFAD732EA8E.34.dr	String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 58570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45366
Source: unknown	Network traffic detected: HTTP traffic on port 57386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35066
Source: unknown	Network traffic detected: HTTP traffic on port 35054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35078
Source: unknown	Network traffic detected: HTTP traffic on port 35078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58570
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35074
Source: unknown	Network traffic detected: HTTP traffic on port 57378 -> 443

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58570 version: TLS 1.2

Source: classification engine

Classification label: clean2.lin@0/75@24/0

Creates hidden files and/or directories

Source: /usr/bin/exo-open (PID: 4785)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/bin/exo-open (PID: 4785)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	File: /tmp/firefox_james/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	File: /home/james/.mozilla/firefox/5zxot757.default/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	File: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.Xdefaults-ubuntu	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.mime.types	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.mozilla/firefox/5zxot757.default/storage/permanent/chrome/.metadata-v2	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.mailcap	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4828)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4828)	Directory: /home/james/.drirc	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4862)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4929)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4977)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5019)	Directory: /home/james/.Xauthority	Jump to behavior

Creates hidden files without content (potentially used as a mutex)

Source: /usr/lib/firefox/firefox (PID: 4800)	Empty hidden file: /tmp/firefox_james/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Empty hidden file: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/.parentlock	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/exo-open (PID: 4785)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4828)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4862)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4929)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4977)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5019)	Queries kernel information via 'uname':	Jump to behavior

Queries the installed Ubuntu/CentOS release

Source: /usr/lib/firefox/firefox (PID: 4842)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Jump to behavior

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.217.164	www.google.com	United States	15169	GOOGLEUS	false
142.250.217.174	www3.l.google.com	United States	15169	GOOGLEUS	false
3.163.115.26	d228z91au11ukj.cloudfront.net	United States	16509	AMAZON-02US	false
104.247.82.170	selfservicegeneraligroup.com	Canada	206834	TEAMINTERNET-CA-ASCA	false
18.160.64.187	d38psrni17bvxu.cloudfront.net	United States	3	MIT-GATEWAYSUS	false

Contacted Domains

Name	IP	Active
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true
www3.l.google.com	142.250.217.174	true
selfservicegeneraligroup.com	104.247.82.170	true
www.google.com	142.250.217.164	true
d228z91au11ukj.cloudfront.net	3.163.115.26	true
d38psrni17bvxu.cloudfront.net	18.160.64.187	true
push.services.mozilla.com	unknown	unknown
www.adsensecustomsearchads.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
http://www.google.com/adsense/domains/caf.js?abp=1	false	high
http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png	false	high
https://www.google.com/recaptcha/api.js	false	high
https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false	high
http://selfservicegeneraligroup.com/ls.php?t=661f6d84&token=10021f01e7cae7e812aa3877ca8fac12fac0f1d8	false	unknown
http://selfservicegeneraligroup.com/favicon.ico	false	unknown
https://www.google.com/js/bg/KTA1qoE7ZDz05UuzGBms7CVmuC34sZ4nnXwNjg065Po.js	false	high
http://selfservicegeneraligroup.com/track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&uid=MTcxMzMzNTY4NC42Mzg2OjVmMjExNDhkOTQ3ODAyM2UyODBlYzE0YWFmNmIyNDhlOTQ5YWEzMTNiYmM4MzYzM2IxMjg1OThkYzlmNTBmOTg6NjYxZjZkODQ5YmU5Yg%3D%3D	false	unknown
http://selfservicegeneraligroup.com/	false	unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcv	false	high
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-	false	high

Name	Type	MD5	SHA1	SHA256
/home/james/.cache/dconf/user	very short file (no magic)	93B885ADFE0DA089CDF634904FD59F71	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/1DBCF2C5F4A9AAB308F13D41AB219EA85A810612	PNG image data, 1500 x 600, 8-bit colormap, non-interlaced	9288E44D2C208B83C143D391BC9270B1	ED3305073B0CDAEF0A8A77DC5321BC170332D4D9	EF8FD0E1F5E07926C57519FD6A5634176093A7EDCDBA2244666681817DDFEC9B
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/27384B62E4E2FBED7D3E85C6EAB6BF998474793D	gzip compressed data, max speed, from Unix, original size modulo 2^32 1075314688	FFC467242281A89FF4E9FD8DABF731D6	0D21E3CD883C613242FC38CE804F707006DB4B4C	0037160FDF6AFC070215852C76EB357DC48D1067C9FA22682360BF96501166FB
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/2F4087E4267A59C0FFA634FA9D0E00268729B4DC	JSON data	E5111F89F00A5076A8CCD46CE5D91F8A	363DB8E71B4C99B516B105384CFEDE9263BD28A9	5F56B53967D68CA4045C86CE18ECCFE0E8D36400B6FE45BB3D76D07BF105F1CC
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/37D23FAB5FB546A476E38CD3870F42D926504EC7	gzip compressed data, max speed, from Unix, original size modulo 2^32 335544320	BF9FA412F483DB4A5EE298B6A8789D6B	B7465245F6DE987E37C076E217E8E5BD4B98BD6F	EAFB71197624BA49EEC7BCFC32CB255B94E57E6EB1DB94D44FB0D282AE985F9B
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585	data	060E07557593B14A8827AFCD01F85CA7	53FAB7D9B0BAFA441D396ECA53C62E92F1C2F49E	52E482F489046EDDC5F03DC52FE9A6E045D4024A45136F3FF795372A78DD7692
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8C0900F504EEA56B743B4031F3F815083E14491B	data	1D1833CA919C57CD96A69111724FEE4E	89741647991F30B4FD3DA25B1D2117A31445EC26	D32CED22C42AD20F91BEEA76B40D794E90ECB387A025EFA30CC4700093CB91B7
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8E6243BCB240F8914D10249076C524BAE347081E	data	7BBBB4EF0053CB906DC59DA0D9ECD497	EC0BE24B0738357C182305C7FF21FFF0FFA683F8	2D645A91E89954307D43A566B6A161F974E10EA11CADCD64AFC6919DBF1737BD
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A63C11DE5F2C5CEF985CF75DF4EFB9ECC9BF06B8	data	921762960DA17570DAD1F0ECF86EB7A1	37E4C7E6C977FEF07FA90F09D6CE310EA693CF20	A849DCB185115B0B4EA8056BB8EE4E52EF410158E9626A3D6E8CC1B56E6156B6
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/B13A714441C11853FE6BA40EFF6C7097378009F7	data	1FA0D7EF81C7C88CF705A8F5E75058D9	D8ACD0D8D06628697D1297D93FB6BDF0774C5639	5947AD793044E10464DF0CB3F6487707B36C7EC0F8593E16F9EDCDDC1088B6D6
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C296EE2E7F76140275BFE32DF9712B635E6BB55B	data	EA96C7DA47AFA22E1914647DCA57B513	A2A457373AAC88F3CD5798C398FE35319F659745	801701596A3F59381A5BDD2ECA7E997DD0374C3AF7D2190A42F5FEA38499EDB2
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591	JSON data	7B83281C0F909F8511AAC71B3FAC3769	1D489290EEFCB5933AE11EF172EE5C39898EE01F	9CDF352097CDD000CD55554B6A0339CA07D33DBF9C1AEB2B9E84BE30FB083D2C
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/D2A64B5E2F392B99B4EBC1553A17EA010F0E8891	gzip compressed data, max compression, original size modulo 2^32 3508601088	7AB5542094FF5C5214EE7292D160514F	7234295B02D28E1B817FF14C84CDFC5401615EA8	C78ABADE4106CABCB2D855EBC7E2941F81F0498358C5DBF40B118826C796B2B4
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/E6D3854E385D14EBC6F74CDE30437FFAD732EA8E	data	913229C92AD721814E9944D04AB9A1D1	6D6199119FBD855E45B053F99DBC3F546DAF8F3D	297C38CB1606169F6EA848B246D2F300EE8AF468E7FC9699D87F7E442A98BCCA
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore	data	D886A47C89D9C49C795DA345BC236990	59E863E0D2B4E428D8C738D48FA0F6F7BAC36849	A03C5E2656D2F292BF5794C8EEB8D223CD6BA4F4BFB2ED1F325460E879D0BCF7
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore	data	60985C9439E7E254CA4EAD41AD1EFF32	184C8B3263D678D854F7B05FC41FDD3267A46FD6	5DA0A3FFC814575410D0F58D9647944AF4EB0809BE9E3475CD96B94DC2B14B56
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore	data	0E8FE60CCD7E9B4C32589A5743A95302	190F3BC536C9489C707AE31DA32BF86947EA5D78	2B124D4026850A3CFFD28DBACB58AEC28F7DCD4D40BC14E52BBE96D60CE4E749
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore	data	04824A1F92353F43EBB9E7F74B7476FD	C2636E8FFA8A5256D7D1F21E147101356E783114	B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore	data	C921D8E98FA01B4F303481E112202E92	9D23B452AD0D06C355477CF70E3AA5D0ADFE6278	4EF1038730EC8BC7206713C29A936768831B922C5E6C83355FD62D7401D8C1DC
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore	data	6F85BC4B2ECB49E26B0BD83A821065D0	4DF430B4D63605E41855DBCB3837A189D4CC7604	C0B3BC9B3DC507AB654CAF72D13C3AEFA58C9B13B1E4D14DD8816712D80A7E54
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore	data	BA0009932844173BC8F9AF264229DF24	C8F6956FA86F4E9CF71599B735E28860245AE4B5	66D1C00C04D86E313E9A02775CDF906B1BE8D4CD6BEF423A1B9E21CC4E9F50C1
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore	data	D6ACF2573E12AFDD7939568804D3FCC1	5C54AD3FF47C6B925E7AC17D361FE0FA60B9181E	5525CBF8F8DC41D19AC632ED324E55293A510AE0EEBA16D0E3F33C707AA58A0C
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore	data	845BEDB718B8941F643BB988F640E141	DB9BC33A9C9FF6E6D3651710DC1AC8D387759D24	5083D014CC7E8CFB15D4803429A9AB5FA397E1010CE66D0C8B8215C7FC3C6FDE
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore	data	E2CF527CA7550B7E7BDF7311E483A2C3	C354190BB2B8A00A6051EF2FB86E189AB053FE93	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore	data	E2CF527CA7550B7E7BDF7311E483A2C3	C354190BB2B8A00A6051EF2FB86E189AB053FE93	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore	data	051FB32DECE757BA112AC36DC72E3A91	A30D26CEE0F69FA67BF9E60BA692F4831373CC07	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore	data	051FB32DECE757BA112AC36DC72E3A91	A30D26CEE0F69FA67BF9E60BA692F4831373CC07	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore	data	3675254E341DF799D4307C1F59109185	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore	data	3675254E341DF799D4307C1F59109185	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore	data	3D1CE5E50208F0CB3B979186043A548F	10C66032C5ACAC22D70670B9302437141E6371EF	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore	data	3D1CE5E50208F0CB3B979186043A548F	10C66032C5ACAC22D70670B9302437141E6371EF	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore	data	95F28EDE25C301301F25FBBD9A3C56EC	80F7D95AFC0DE8C608F672A6837C664EF847BCD5	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore	data	95F28EDE25C301301F25FBBD9A3C56EC	80F7D95AFC0DE8C608F672A6837C664EF847BCD5	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore	data	65E942614EEE70680464AC4BE75019FC	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore	data	65E942614EEE70680464AC4BE75019FC	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore	data	A5695CC64D77967232B0C1344C6E72B3	B0F151A5292D4B796668B242BF896FDBB5A24B67	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore	data	A5695CC64D77967232B0C1344C6E72B3	B0F151A5292D4B796668B242BF896FDBB5A24B67	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/webext.sc.lz4.tmp	data	E5A0B8F8FB6F2467FC9F268C3D87DDD0	573E9A4E23EEDD9010F093AF6BDFB3F8638B65F1	5E8E8603749CB19F14790E36E4FF8465EFB23BC87040F0007E02B6AB865E1C74
/home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp	Mozilla lz4 compressed data, originally 1426 bytes	C03070F8A39B68E1DF90C197530147B8	CA5D078F9FE04FA46AF10505F930F1F67DEA4314	FB1ABAC28102E4FD1F7CD97C8B4135681C9BD4BA0EF1517895B278DB52BF5256
/home/james/.mozilla/firefox/5zxot757.default/cert9.db	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4	0E48E3B97F702324F7D42A2096323DF4	4878CD169663191A59F1D9E239620F5B7235EA29	ED0D5D7C474071E173CC5232E17390AEF95B1059FE28E1AC06682CB0FA8AB89D
/home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal	data	CCEDAAF4C75F7B37F71B69F6ED5B9F03	42D317514430446A623A06FAB594FDA473CD4661	EA2EB316D310A9B9A4D018F2BBA0A078EEDE3248E97C983D866498157BF608AF
/home/james/.mozilla/firefox/5zxot757.default/cookies.sqlite-wal	SQLite Write-Ahead Log, version 3007000	28369489437D1EC934FF60499D887D13	20A9AEC0776F2A7B1F45CEA90E73DAC510F2DDA5	60658F4C89407C38B586894E86963039DC527369EE93FC06AD20CF5976872DDE
/home/james/.mozilla/firefox/5zxot757.default/key4.db	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	E4518FDC3DC74C8F8484075A4215BE93	FD852F909DD9098D4E128CAFC26563C4EC3DE498	B89EF8725B7FBADD126D795D36DE94D08D58E68AAFC4C22DC88A3EE8A884B922
/home/james/.mozilla/firefox/5zxot757.default/key4.db-journal	data	C4BD1E34566C48949C43EFCB61A93906	2749E60B1334E8CFF60F69BF8BC8234861376F16	9F4580FF22CFB00A3142E61118002C3B1C3937DD3AB05C99E66D6171FE9F0CED
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite	SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5	3EC564DFFB31A761D90CC78B79A12619	179B48158BB8B9FAB1422D40C9B0618307AC0C5B	18A9301EDE2C87FC24D9CE4EB1DC710DE2CD13C9DC57C46B0D88F08F8EC0CB91
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal	data	E7F56060214553C6F40E9F320AF7024B	750EC621ECC78FED73CE815FE0EF2C482247B66B	52A03A3417A25DB9F2DB9043A383870E3C757E8E4FD2D5D495CC67C501CCE1E7
/home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal	SQLite Write-Ahead Log, version 3007000	89D785477AD23DCA2C28DACCE4D38C8B	C53273C1AD28BB3BE7F637D4C60C4BA935F1A2BA	0D73AB3E74EA37C2618E5331A1A0BE52EE02A2E2CF5D27AE81C5B784BCEF5A73
/home/james/.mozilla/firefox/5zxot757.default/prefs-1.js	ASCII text, with very long lines (663)	10CE42949C1659E50DE240E4A15AD92D	A647CB82B53EBA46212F0EA750744203D3B3B196	E12A31682080B441723028A6DE5770285E3C2B26A0392FF902D7F1AA08AD7466
/home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp	JSON data	C0E4C22C50DD21142F57714EF49B8713	06B77307DCA5C889EA279243E74730CBC10801BE	6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
/home/james/.mozilla/firefox/5zxot757.default/sessionstore-backups/recovery.jsonlz4.tmp	Mozilla lz4 compressed data, originally 26969 bytes	64CFCD032A4BCBE5F31DA7F0D249A3D6	353EF75C228C7151ED62D9F3CA261883CA1096DD	BD4B4D1790B548E310DB99A34C0B276632CB101D0291F3A275073E595906C3AE
/proc/4929/gid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/4929/setgroups	ASCII text, with no line terminators	05AFB6CE69B9CEF1BD6ECE7E4745F96C	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
/proc/4929/uid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/4977/gid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/4977/setgroups	ASCII text, with no line terminators	05AFB6CE69B9CEF1BD6ECE7E4745F96C	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
/proc/4977/uid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/5019/gid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/5019/setgroups	ASCII text, with no line terminators	05AFB6CE69B9CEF1BD6ECE7E4745F96C	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
/proc/5019/uid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58570 version: TLS 1.2

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/lib/firefox/firefox (PID: 4800)

Reads hosts file: /etc/hosts

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002%2C000003%2C002843%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fselfservicegeneraligroup.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%253D&terms=Self%20Service%20Software%2C%E2%80%AASAP%20Netweaver%2COnline%20Registration%20Software%2CHelp%20Desk%20Ticket%20System%2COnboarding%20Software&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2105895058331848&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301447%2C17301481&client_gdprApplies=0&format=r3%7Cs&nocache=6991713335685068&num=0&output=afd_ads&domain_name=selfservicegeneraligroup.com&v=3&bsl=8&pac=2&u_his=1&u_tz=120&dt=1713335685071&u_w=1024&u_h=768&biw=1009&bih=616&psw=1009&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=623135625&rurl=http%3A%2F%2Fselfservicegeneraligroup.com%2F HTTP/1.1Host: www.adsensecustomsearchads.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://selfservicegeneraligroup.com/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://selfservicegeneraligroup.com/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcv HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm- HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcvConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /js/bg/KTA1qoE7ZDz05UuzGBms7CVmuC34sZ4nnXwNjg065Po.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcvConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252C000003%252C002843%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjFmNmQ4NDliZTQ3fHx8MTcxMzMzNTY4NC43MjYxfGQzNmE5ZjgxODMwYTBiNmNhNDkwMWY4MjU0MzQzODUzNTIyYjUxN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDEwMDIxZjAxZTdjYWU3ZTgxMmFhMzg3N2NhOGZhYzEyZmFjMGYxZDh8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26terms%3DSelf%2520Service%2520Software%252C%25E2%2580%25AASAP%2520Netweaver%252COnline%2520Registration%2520Software%252CHelp%2520Desk%2520Ticket%2520System%252COnboarding%2520Software%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2105895058331848%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%252C17301447%252C17301481%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D6991713335685068%26num%3D0%26output%3Dafd_ads%26domain_name%3Dselfservicegeneraligroup.com%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713335685071%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D623135625%26rurl%3Dhttp%253A%252F%252Fselfservicegeneraligroup.com%252F&hl=en&q=EgRRtTk0GIbb_bAGIjACT3pJr805dBCkFxpsUUbhs3ktDDg8TsCyOJ_pdYRyWxV3VGpU2xuczbiWeH2bz_IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&uid=MTcxMzMzNTY4NC42Mzg2OjVmMjExNDhkOTQ3ODAyM2UyODBlYzE0YWFmNmIyNDhlOTQ5YWEzMTNiYmM4MzYzM2IxMjg1OThkYzlmNTBmOTg6NjYxZjZkODQ5YmU5Yg%3D%3D HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /ls.php?t=661f6d84&token=10021f01e7cae7e812aa3877ca8fac12fac0f1d8 HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1 HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://selfservicegeneraligroup.com/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: selfservicegeneraligroup.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive

Source: unknown

DNS traffic detected: queries for: selfservicegeneraligroup.com

Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr, 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png1
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.pngnecko:classi
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com
Source: recovery.jsonlz4.tmp.34.dr, 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/
Source: 8E6243BCB240F8914D10249076C524BAE347081E.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/favicon.ico
Source: 8E6243BCB240F8914D10249076C524BAE347081E.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.
Source: 2F4087E4267A59C0FFA634FA9D0E00268729B4DC.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/ls.php?t=661f6d84&token=10021f01e7cae7e812aa3877ca8fac12fac0f1d8
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/moc.puorgilarenegecivresfles.d
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/necko:classified1strongly-framed1request-methodGETrequest-Accept
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/predictor::seen1predictor::resource-count3predictor::http://d38p
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/selfservicegeneraligroup.commoc.puorgilarenegecivresfles.d
Source: 37D23FAB5FB546A476E38CD3870F42D926504EC7.34.dr	String found in binary or memory: http://selfservicegeneraligroup.com/track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&u
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://selfservicegeneraligroup.comd
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://www.google.com/
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: http://www.google.com/1
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr, 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=11
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1necko:classified1strongly-framed1request-methodGET
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/ads-afs-ui
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/gws/other
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/ads-afs-ui
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/other
Source: webext.sc.lz4.tmp.34.dr	String found in binary or memory: https://github.com/
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: https://partner.googleadservices.com/
Source: 8C0900F504EEA56B743B4031F3F815083E14491B.34.dr	String found in binary or memory: https://partner.googleadservices.com/1
Source: 27384B62E4E2FBED7D3E85C6EAB6BF998474793D.34.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js?domain=selfservicegeneraligroup.com&client=dp-
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr, 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com
Source: A63C11DE5F2C5CEF985CF75DF4EFB9ECC9BF06B8.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com/
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002%
Source: A63C11DE5F2C5CEF985CF75DF4EFB9ECC9BF06B8.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com/predictor::seen1
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: C296EE2E7F76140275BFE32DF9712B635E6BB55B.34.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%
Source: E6D3854E385D14EBC6F74CDE30437FFAD732EA8E.34.dr	String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 58570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45366
Source: unknown	Network traffic detected: HTTP traffic on port 57386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35066
Source: unknown	Network traffic detected: HTTP traffic on port 35054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35078
Source: unknown	Network traffic detected: HTTP traffic on port 35078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58570
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35074
Source: unknown	Network traffic detected: HTTP traffic on port 57378 -> 443

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58570 version: TLS 1.2

Source: classification engine

Classification label: clean2.lin@0/75@24/0

Creates hidden files and/or directories

Source: /usr/bin/exo-open (PID: 4785)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/bin/exo-open (PID: 4785)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Directory: /home/james/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	File: /tmp/firefox_james/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	File: /home/james/.mozilla/firefox/5zxot757.default/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	File: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.Xdefaults-ubuntu	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.mime.types	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.mozilla/firefox/5zxot757.default/storage/permanent/chrome/.metadata-v2	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.mailcap	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4828)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4828)	Directory: /home/james/.drirc	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4862)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4929)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4977)	Directory: /home/james/.Xauthority	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5019)	Directory: /home/james/.Xauthority	Jump to behavior

Creates hidden files without content (potentially used as a mutex)

Source: /usr/lib/firefox/firefox (PID: 4800)	Empty hidden file: /tmp/firefox_james/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Empty hidden file: /home/james/.cache/mozilla/firefox/5zxot757.default/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Empty hidden file: /home/james/.mozilla/firefox/5zxot757.default/.parentlock	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/exo-open (PID: 4785)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4793)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4800)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4828)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4862)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4929)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4977)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5019)	Queries kernel information via 'uname':	Jump to behavior

Queries the installed Ubuntu/CentOS release

Source: /usr/lib/firefox/firefox (PID: 4842)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Jump to behavior

ID:	1427195
Product:	CloudBasic
Start time:	08:34:03
Start date:	17.04.2024
Cookbook:	browseurl.jbs
System description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Architecture:	LINUX

Linux Analysis Report
http://selfservicegeneraligroup.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report http://selfservicegeneraligroup.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report
http://selfservicegeneraligroup.com