Analysis Report http://80.82.67.184/richard

Overview

General Information

Joe Sandbox Version:28.0.0 Lapis Lazuli
Analysis ID:201041
Start date:14.01.2020
Start time:23:58:33
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://80.82.67.184/richard
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection:CLEAN
Classification:clean1.lin@0/56@0/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 91.189.92.41, 91.189.92.20, 91.189.92.38, 91.189.92.19, 143.204.15.2, 143.204.15.43, 143.204.15.72, 143.204.15.47, 2.20.142.253, 2.20.142.202
  • Excluded domains from analysis (whitelisted): a19.dscg10.akamai.net, api.snapcraft.io, ciscobinary.openh264.org, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, search.services.mozilla.com, location.services.mozilla.com, activity-stream-icons.services.mozilla.com

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 1 | 0 - 100 | | false | clean

Classification

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Remote Management | Hidden Files and Directories (1) | Port Monitors | Hidden Files and Directories (1) | Credential Dumping | Security Software Discovery (1) | Application Deployment Software | Data from Local System | Data Compressed | Standard Cryptographic Protocol (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout

Signature Overview


Networking:

Connects to IPs without corresponding DNS lookups
Source: unknown, TCP traffic detected without corresponding DNS query: 80.82.67.184
URLs found in memory or binary data
Uses HTTPS
Source: unknown, Network traffic detected: HTTP traffic on port 46420 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 46420
Source: unknown, Network traffic detected: HTTP traffic on port 58626 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 34848
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 58626
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 58048
Source: unknown, Network traffic detected: HTTP traffic on port 58048 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 34848 -> 443

System Summary:

Classification label
Source: classification engine, Classification label: clean1.lin@0/56@0/0

Persistence and Installation Behavior:

Creates hidden files and/or directories
Source: /usr/bin/exo-open (PID: 20833) Directory: /home/user/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 20848) Directory: /home/user/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 20848) Directory: /home/user/.local
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 20848) Directory: /home/user/.config
Source: /usr/lib/firefox/firefox (PID: 20857) Directory: /home/user/.cache

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /usr/bin/exo-open (PID: 20833) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 20848) Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 20857) Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 20893) Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 20906) Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 20935) Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 20963) Queries kernel information via 'uname':
Source: /usr/lib/firefox/firefox (PID: 21022) Queries kernel information via 'uname':

Language, Device and Operating System Detection:

Queries the installed Ubuntu/CentOS release
Source: /usr/lib/firefox/firefox (PID: 20916) Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph. Behavior Graph ID: 201041; URL: http://80.82.67.184/richard; Startdate: 14/01/2020; Architecture: LINUX; Score: 1. Process chain: exo-open -> exo-open -> exo-helper-1 -> sensible-browser / x-www-browser / firefox -> dbus-launch (twice), lsb_release and 5 other processes. DNS/IP nodes: locprod1-elb-eu-west-1.prod.mozaws.net (3.248.137.36, 34848, 443, unknown, United States); pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com (35.161.170.1, 443, 46420, unknown, United States); 3 other IPs or domains.]

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://discovery.addons.allizom.orgQ | 0% | Avira URL Cloud | safe |
http://80.82.67.184/richardnecko:classified1 | 0% | Avira URL Cloud | safe |
http://80.82.67.184/predictor::seen1 | 0% | Avira URL Cloud | safe |
https://discovery.addons-dev.allizom.org | 0% | Avira URL Cloud | safe |
http://80.82.67.184/ | 10% | Virustotal | | Browse
http://80.82.67.184/ | 0% | Avira URL Cloud | safe |
https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org | 0% | Avira URL Cloud | safe |
http://80.82.67.184/richard | 14% | Virustotal | | Browse
http://80.82.67.184/richard | 0% | Avira URL Cloud | safe |

Startup

  • system is lnxubuntu1
  • exo-open (PID: 20833, Parent: 20763, MD5: 39c5fa78f1cb3d950b9944f784018d3a) Arguments: exo-open http://80.82.67.184/richard
    • exo-open New Fork (PID: 20847, Parent: 20833)
      • exo-open New Fork (PID: 20848, Parent: 20847)
      • exo-helper-1 (PID: 20848, Parent: 20139, MD5: c27a648e34ba5ce625d064af015be147) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://80.82.67.184/richard
        • sensible-browser (PID: 20857, Parent: 20848, MD5: a5909f49ad9c97574d2b4c49cc24905d) Arguments: /bin/sh /usr/bin/sensible-browser http://80.82.67.184/richard
        • x-www-browser (PID: 20857, Parent: 20848, MD5: 42b33a4578e4a51d8a5d1010c466a9d7) Arguments: /bin/sh /usr/bin/x-www-browser http://80.82.67.184/richard
          • which (PID: 20858, Parent: 20857, MD5: e942f154ef9d9974366551d2d231d936) Arguments: /bin/sh /usr/bin/which /usr/bin/x-www-browser
        • firefox (PID: 20857, Parent: 20848, MD5: a4440256f73e7450b27eeb48d0d5f804) Arguments: /usr/lib/firefox/firefox http://80.82.67.184/richard
          • firefox New Fork (PID: 20859, Parent: 20857)
          • firefox New Fork (PID: 20893, Parent: 20857)
          • firefox New Fork (PID: 20906, Parent: 20857)
          • dbus-launch (PID: 20906, Parent: 20857, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch f0b45546524a75b2e6e8e8a55aab94da --binary-syntax --close-stderr
          • firefox New Fork (PID: 20916, Parent: 20857)
          • lsb_release (PID: 20916, Parent: 20857, MD5: 18cba7de7bfedd0d9f027bd1c54cc2b2) Arguments: /usr/bin/python3 -Es /usr/bin/lsb_release -idrc
          • firefox New Fork (PID: 20935, Parent: 20857)
          • dbus-launch (PID: 20935, Parent: 20857, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch=f0b45546524a75b2e6e8e8a55aab94da --binary-syntax --close-stderr
          • firefox New Fork (PID: 20963, Parent: 20857)
          • firefox (PID: 20963, Parent: 20857, MD5: a4440256f73e7450b27eeb48d0d5f804) Arguments: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -intPrefs [...] -boolPrefs [...] -stringPrefs [...] -schedulerPrefs 0001,2 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 20857 true tab
          • firefox New Fork (PID: 21022, Parent: 20857)
          • firefox (PID: 21022, Parent: 20857, MD5: a4440256f73e7450b27eeb48d0d5f804) Arguments: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -intPrefs [...] -boolPrefs [...] -stringPrefs [...] -schedulerPrefs 0001,2 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 20857 true tab
  • cleanup

Created / dropped Files

/home/user/.cache/dconf/user
Process:/usr/lib/firefox/firefox
File Type:very short file (no magic)
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
MD5:93B885ADFE0DA089CDF634904FD59F71
SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:false
Reputation:low
Preview: .
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/activity-stream.tippytop.json.tmp
Process:/usr/lib/firefox/firefox
File Type:ASCII text, with very long lines, with no line terminators
Size (bytes):96113
Entropy (8bit):5.07565301648662
Encrypted:false
MD5:E78DA7333B199D8FA92A6B62423AC5F4
SHA1:95698838AA0E5A5C7CB782E1416684AAE38F2797
SHA-256:43CE733A5AE6739ECD948B81EF92FB1F722E5831EBA37463EB6FA69770979A04
SHA-512:26E9BBA2B3A907EA5E21F0712A4BC284BCA0910DD81B5B1969D3C9814E1723293297BF510445D0EA30951E9458A43D1FAEE2CA2926F3773221CD0E970DB40443
Malicious:false
Reputation:low
Preview: {"sites":{"01net.com":{"image_url":"https://static.bfmtv.com/ressources/favicon/site01net/apple-touch-icon-144x144.png"},"104.com.tw":{"image_url":"https://static.104.com.tw/logo/104logo_o_152x152_appletouchicon.png"},"1111.com.tw":{"image_url":"https://www.1111.com.tw/1111app/images/1111-job-1.png"},"123rf.com":{"image_url":"https://static-cdn.123rf.com/images/faviconBig.png"},"1688.com":{"image_url":"http://m.1688.com/144px.png"},"17173.com":{"image_url":"http://ue1.17173cdn.com/a/www/index/2015/m/img/touch-icon-120x120.png"},"17track.net":{"image_url":"http://res.17track.net/global-v2/imgs/oauth_image/apple_touch_152x152.png"},"1and1.com":{"image_url":"https://www.1and1.com/modules/frontend-elements/img/components/header/apple-touch-icon-114x114px.png"},"1tv.ru":{"image_url":"https://static.1tv.ru/assets/web/favicon/android-chrome-192x192-2414f320deff0830ead81c2d9e7da72f.png"},"20minutes.fr":{"image_url":"https://assets-v.20mn.fr/favicons/favicon-194x194.png"},"20minutos.es":{"image
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/7D0DF88A5F52C22C222EA72EA1AC18B62CF57B56
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):17261
Entropy (8bit):5.975748168197408
Encrypted:false
MD5:F0235978CB0625964A42C3E5EA2DB334
SHA1:4C1C93A80B471C91B40697D9B859AFD1805BD69E
SHA-256:5A6AE030603D8AA5CD7DE3B4F3ED00DF135E36280452C095CB37CE7089094631
SHA-512:7CE1B3D030A26BEA4324F4881292C58C54A541DF380833AE6CC2A813FBCDFAF9F4ECEDBA490D050B9EC34A96D58FC88DC46B0439CAE3BE6B2ECC9DD55EFEE1DC
Malicious:false
Reputation:low
Preview: {"cohort": "nov17-1", "interval": 86400, "settings": {"visibleDefaultEngines": ["amazondotcom", "bing", "ebay-ch", "google", "twitter", "wikipedia", "ddg"]}}1.}&..........^.U.^.U.A<........]....:https://search.services.mozilla.com/1/firefox/59.0/release-cck-ubuntu/en-US/CH/canonical/1.0.necko:classified.1.strongly-framed.1.security-info.
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/84994CF72DFE1657F1651E673865EA34C0410336
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):98
Entropy (8bit):4.741008376119208
Encrypted:false
MD5:060D8AC4A4656731E5BCDDD0372B8F89
SHA1:3BF0FAF7D3F8F2E7FCCA61D5B1CF2A63B9CF6593
SHA-256:2CF02669F91B224190419304CBE9D4C987B92FFB473C76EE78ACFB1FC62BCD0C
SHA-512:538A3F82CFB1BF6465683B4629E239B012E8B3A7334DDEF9B03ED66D8178C91A62572E41A265E0AE62CEA465DDD6777F3317AA711C1E8839809B12C34F8A2070
Malicious:false
Reputation:low
Preview: ............^.U.^.U.A<........'....~predictor-origin,:http://80.82.67.184/.predictor::seen.1.....
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/cache2/entries/DB86BBDC253E97828558379CCB123BA87C4EF54F
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):88
Entropy (8bit):4.752465716267246
Encrypted:false
MD5:3323B65A897FB140E2B4B36CEBF3E78E
SHA1:5017B6E762FA45FF0B2B3DDE4CEAF2CD49B5BFC2
SHA-256:1C46AF479BF9AAF599FE9478B2F04D7098CA816750D7B5FAE4D92B67D74BB2AC
SHA-512:8B1B5CF9C2F0E15D05974EDC1A6984A3DFF47E8FD8163D562EFA2C9F20CFCA5B6D24F7F735EE2F3FAC18C2FCEF51323829EA5AF5D593E516B3BD62EFE260DE99
Malicious:false
Reputation:low
Preview: ..c.........^.U.^.U.A<.............:http://80.82.67.184/richard.necko:classified.1.....
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/allow-flashallow-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/allow-flashallow-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.59524688231097
Encrypted:false
MD5:D886A47C89D9C49C795DA345BC236990
SHA1:59E863E0D2B4E428D8C738D48FA0F6F7BAC36849
SHA-256:A03C5E2656D2F292BF5794C8EEB8D223CD6BA4F4BFB2ED1F325460E879D0BCF7
SHA-512:8B5A117BC33463F181458F0A99C14657B365CE2A7695DB346D2D086109176AD019DBD5A5F34F09DC3438E6C89CA93D83875DAA6D463EB06D995A2523FE51A5ED
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/base-track-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/base-track-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):64888
Entropy (8bit):7.7710650452659005
Encrypted:false
MD5:CD82F4495EAFE523B9B6B938C828611B
SHA1:F81F7EDE77BAEB51D397DF96E337677E4957DB7B
SHA-256:576A0D2C3AD8D66BB202439B18F9FD563F92D9DDD9582A3C4CCE0ECAFD4F0908
SHA-512:2AE3B849C601B9614FA26C77FD63B9C022A5871E0A4322929DD3589F14F5AA4E4A368C41FC2BF732CD861B1DB9542D889172812C2CD2242006562FC24E78F7E7
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flash-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flash-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):7648
Entropy (8bit):7.734433994790214
Encrypted:false
MD5:0E8FE60CCD7E9B4C32589A5743A95302
SHA1:190F3BC536C9489C707AE31DA32BF86947EA5D78
SHA-256:2B124D4026850A3CFFD28DBACB58AEC28F7DCD4D40BC14E52BBE96D60CE4E749
SHA-512:0AF17BD91464F26072F42BACFBB6BA72E68FA07B9D5801A92B14624CC51EBD00AB127272CECD8DF6FE650FE07BF170FD6422D70C2E8CD8F9AD94BC11548446BD
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flashsubdoc-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):82744
Entropy (8bit):7.772258239877141
Encrypted:false
MD5:04824A1F92353F43EBB9E7F74B7476FD
SHA1:C2636E8FFA8A5256D7D1F21E147101356E783114
SHA-256:B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
SHA-512:92914B56FB2BDCDDCC1BEE2BF4DC98420CF0B923D380BB889C8A6EBC333D74EA4DDCA915218BEA0E729782C4904983424F1DE15BE7087C5A5338AED7319A03E5
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flash-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flash-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):268
Entropy (8bit):4.291717925117119
Encrypted:false
MD5:C921D8E98FA01B4F303481E112202E92
SHA1:9D23B452AD0D06C355477CF70E3AA5D0ADFE6278
SHA-256:4EF1038730EC8BC7206713C29A936768831B922C5E6C83355FD62D7401D8C1DC
SHA-512:D06422752562AFD1F8B94FF09FC9460BE58E07A84FC537FB6B56B1551C37DB7E56CB7932CC2D27D2FFE2CBAB6EC85BDDA6778F2E812E69E5193FCD6BC77066F2
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashallow-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashallow-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.6124882616213143
Encrypted:false
MD5:6F85BC4B2ECB49E26B0BD83A821065D0
SHA1:4DF430B4D63605E41855DBCB3837A189D4CC7604
SHA-256:C0B3BC9B3DC507AB654CAF72D13C3AEFA58C9B13B1E4D14DD8816712D80A7E54
SHA-512:AE7688D501A1F59D4C247ED57BA0547F6376748AF57F554BA1B6DE0EF358ED5868721886BAF94813979B3A9968EC330CE11C41767E4AF42DB413EFC9556C2E22
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashsubdoc-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):304
Entropy (8bit):4.70325744277424
Encrypted:false
MD5:BA0009932844173BC8F9AF264229DF24
SHA1:C8F6956FA86F4E9CF71599B735E28860245AE4B5
SHA-256:66D1C00C04D86E313E9A02775CDF906B1BE8D4CD6BEF423A1B9E21CC4E9F50C1
SHA-512:582D7F28F41E6A7A5F882D15EC1F48D0BE57DC63E1A0D6E6A8BBD442A3AC27E38E0C3FDB3E1C30F416C41649391AFDE61F8079844B61A4995E0AB34D6CC8E745
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozplugin-block-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozplugin-block-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):3580
Entropy (8bit):7.671891447828382
Encrypted:false
MD5:D6ACF2573E12AFDD7939568804D3FCC1
SHA1:5C54AD3FF47C6B925E7AC17D361FE0FA60B9181E
SHA-256:5525CBF8F8DC41D19AC632ED324E55293A510AE0EEBA16D0E3F33C707AA58A0C
SHA-512:1F72C01AA332A6E3FC5F966ED2B12534653BCACF2DC242850877961CC4C16AC3BD1846939D56EA6E230A71F336F4B37F67E0070DDDB66D57BB51526DE52819CA
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):16
Entropy (8bit):0.3372900666170139
Encrypted:false
MD5:076933FF9904D1110D896E2C525E39E5
SHA1:4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:false
Reputation:low
Preview: ................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):326032
Entropy (8bit):7.773045611620996
Encrypted:false
MD5:BDAA2A3B4259EBF8DD87E5769B1BF3F4
SHA1:BDECB51FED41F111CFB19C30E377AA165C0DD7E3
SHA-256:8408968DAE85E51EA6B0CA7123B0DDFD7425D3013BA311BB1CBE135FFF0E5BDA
SHA-512:ACDA5C6344CC51E0921C116CB03395F8027F0E1077D5027CA4B6B33E2C1AB663C319EEAB22D7ECF968702324BEDC882F518BDE7711CB140A059D7997580054CF
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple-1.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.367009024331335
Encrypted:false
MD5:E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):28
Entropy (8bit):0.37123232664087563
Encrypted:false
MD5:E2CECF06A89B4A6D968486F17F30DA5D
SHA1:46757A7F71DCFBEB5511665F123810148727324E
SHA-256:E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:false
Reputation:low
Preview: ............................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-block-simple.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.367009024331335
Encrypted:false
MD5:E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple-1.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.3293711760593867
Encrypted:false
MD5:051FB32DECE757BA112AC36DC72E3A91
SHA1:A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):28
Entropy (8bit):0.37123232664087563
Encrypted:false
MD5:E2CECF06A89B4A6D968486F17F30DA5D
SHA1:46757A7F71DCFBEB5511665F123810148727324E
SHA-256:E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:false
Reputation:low
Preview: ............................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-harmful-simple.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.3293711760593867
Encrypted:false
MD5:051FB32DECE757BA112AC36DC72E3A91
SHA1:A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple-1.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.3683561037768297
Encrypted:false
MD5:3675254E341DF799D4307C1F59109185
SHA1:8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):28
Entropy (8bit):0.37123232664087563
Encrypted:false
MD5:E2CECF06A89B4A6D968486F17F30DA5D
SHA1:46757A7F71DCFBEB5511665F123810148727324E
SHA-256:E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:false
Reputation:low
Preview: ............................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-malware-simple.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.3683561037768297
Encrypted:false
MD5:3675254E341DF799D4307C1F59109185
SHA1:8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple-1.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.302539208701039
Encrypted:false
MD5:3D1CE5E50208F0CB3B979186043A548F
SHA1:10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):28
Entropy (8bit):0.37123232664087563
Encrypted:false
MD5:E2CECF06A89B4A6D968486F17F30DA5D
SHA1:46757A7F71DCFBEB5511665F123810148727324E
SHA-256:E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:false
Reputation:low
Preview: ............................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-phish-simple.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.302539208701039
Encrypted:false
MD5:3D1CE5E50208F0CB3B979186043A548F
SHA1:10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple-1.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):272
Entropy (8bit):3.9834161156862735
Encrypted:false
MD5:95F28EDE25C301301F25FBBD9A3C56EC
SHA1:80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):28
Entropy (8bit):0.37123232664087563
Encrypted:false
MD5:E2CECF06A89B4A6D968486F17F30DA5D
SHA1:46757A7F71DCFBEB5511665F123810148727324E
SHA-256:E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:false
Reputation:low
Preview: ............................
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-track-simple.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):272
Entropy (8bit):3.9834161156862735
Encrypted:false
MD5:95F28EDE25C301301F25FBBD9A3C56EC
SHA1:80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):232
Entropy (8bit):3.4079994338327437
Encrypted:false
MD5:65E942614EEE70680464AC4BE75019FC
SHA1:7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:false
Reputation:low
/home/user/.cache/mozilla/firefox/v9nzj3nw.default/safebrowsing-updating/test-trackwhite-simple.pset
Process:/usr/lib/firefox/firefox
File Type:data
Size (bytes):28
Entropy (8bit):0.37123232664087563
Encrypted:false
MD5:E2CECF06A89B4A6D968486F17F30DA5D
SHA1:46757A7F71DCFBEB5511665F123810148727324E
SHA-256:E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:false
Reputation:low
Preview: ............................