Linux
Analysis Report
http://31.214.243.29/Demon.mips
Overview
Detection
Gafgyt, Mirai
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Yara detected Gafgyt
Writes ELF files to disk
Yara signature match
Creates hidden files and/or directories
Uses the "uname" system call to query kernel version information (possible evasion)
Queries the installed Ubuntu/CentOS release
Classification
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 831144 |
Start date and time: | 2023-03-21 06:16:03 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://31.214.243.29/Demon.mips |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal72.troj.lin@0/45@31/0 |
- Excluded domains from analysis (whitelisted): incoming.telemetry.mozilla.org, aus5.mozilla.org
- TCP Packets have been reduced to 100
- VT rate limit hit for: /home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/730FA68718E69A9EC1DE4154BF49B2A37241C7B1
- VT rate limit hit for: http://31.214.243.29/Demon.mipsstrongly-framed1request-methodGETresponse-headHTTP/1.1
- system is lnxubuntu20
- exo-open New Fork (PID: 6243, Parent: 6242)
- exo-open New Fork (PID: 6244, Parent: 6243)
- exo-helper-2 New Fork (PID: 6247, Parent: 6244)
- sensible-browser New Fork (PID: 6248, Parent: 6247)
- x-www-browser New Fork (PID: 6249, Parent: 6247)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Bashlite, Gafgyt | Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps. | No Attribution |
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
⊘No Snort rule has matched
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | ELF static info symbol of dropped file: | ||
Source: | File written: |
Source: | Directory: |
Source: | Queries kernel information via 'uname': | ||
Source: | Arguments: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
62% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
10% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
star-mini.c10r.facebook.com | 157.240.20.35 | true | false | high | |
fennec-catalog-cdn.prod.mozaws.net | 34.111.73.144 | true | false | high | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | unknown | |
twitter.com | 104.244.42.129 | true | false | high | |
youtube-ui.l.google.com | 142.250.185.142 | true | false | high | |
autopush.prod.mozaws.net | 52.10.254.200 | true | false | high | |
reddit.map.fastly.net | 151.101.65.140 | true | false | unknown | |
firefox.settings.services.mozilla.com | 35.241.9.150 | true | false | high | |
prod.ingestion-edge.prod.dataops.mozgcp.net | 34.120.208.123 | true | false | unknown | |
dyna.wikimedia.org | 91.198.174.192 | true | false | high | |
www.example.com | 93.184.216.34 | true | false | high | |
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | unknown | |
www.facebook.com | unknown | unknown | false | high | |
www.reddit.com | unknown | unknown | false | high | |
content-signature-2.cdn.mozilla.net | unknown | unknown | false | high | |
push.services.mozilla.com | unknown | unknown | false | high | |
www.youtube.com | unknown | unknown | false | high | |
www.wikipedia.org | unknown | unknown | false | high | |
firefox-settings-attachments.cdn.mozilla.net | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
true | unknown | ||
false | high | ||
false | high | ||
false | high | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
44.231.103.117 | unknown | United States | 16509 | AMAZON-02US | false | |
52.25.208.227 | unknown | United States | 16509 | AMAZON-02US | false | |
31.214.243.29 | unknown | Germany | 197071 | ACTIVE-SERVERSactive-serverscomDE | false | |
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
34.120.208.123 | prod.ingestion-edge.prod.dataops.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
34.111.73.144 | fennec-catalog-cdn.prod.mozaws.net | United States | 15169 | GOOGLEUS | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
35.241.9.150 | firefox.settings.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 93B885ADFE0DA089CDF634904FD59F71 |
SHA1: | 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F |
SHA-256: | 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D |
SHA-512: | B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/134714F2DF01B21FA934AB16898B0583114E19B0
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 99 |
Entropy (8bit): | 4.655293182125689 |
Encrypted: | false |
SSDEEP: | 3:c/mlg8ZKuWCuaD/3tb9vX3XDkAGKX8PXABHsX3u+llln:c/mrG0rLXDFGKXsX8sHHl/n |
MD5: | A59361068F4770E9E7B5D8223DCA0468 |
SHA1: | 9EF16ED85BEE0294B2D7276CD3D1C3C4BFD5FE74 |
SHA-256: | 151C2FD771646D28B9466A4CE7C4033E714F168A67062C5363F0ED9B2F8FCE1F |
SHA-512: | 20854C0751E17625CAC8CB1F3ADA0411313D534DB69E44FF2B1E50BCFFC1D30E1C1D111A3DC528311B0731323217692C97E9DC05F7FEC3C1E42E3E94D7A7591F |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/254256B27E0C48CF9B80B695F0B3B8CA84610495
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 15831 |
Entropy (8bit): | 6.081896431247561 |
Encrypted: | false |
SSDEEP: | 384:vZWrhhqE7WrhhqE9AkWrhhqE7WrhhqE9Ak:vZSTnSTxAkSTnSTxAk |
MD5: | CAB1654790CBEE68C2E6CC75F78DD5CA |
SHA1: | C8E7369C6CE62A8047944CA827C0104161E085BA |
SHA-256: | 57B4245FD3C96925CB53590AEADF8F7FD28B942AC1C5A88CD6CC859B3A54FFC3 |
SHA-512: | 9C11BE76AE5FCE3C6E4112C62E5C85303CBCE248EADE49D51C551306DAD440952D6CD54281C6AA526262EC53B3A5AA82C35820693844667449D91BC7C1219E90 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 7590 |
Entropy (8bit): | 6.068942243339565 |
Encrypted: | false |
SSDEEP: | 192:8XG4FVou3lVd0rb+yBaiH6CgfbaI8j3qRFZLE:J4F69rbhciHOTaIdRbQ |
MD5: | 3884F9454A8EC208584C74D7FDEC1EBD |
SHA1: | 979CF16596DE5B923428F3D120D682C7BAC4FA30 |
SHA-256: | 59890682DC2F14D0A9546CBAFACA5756AAE90573F000CB0F83EEC34052AC5BF1 |
SHA-512: | 0215BB84E5785AF311EFA72BAEF8330D526C682A7955008D3627323553788EEE9D95E48F54979470C10B868947D482B27730D65031047D0D780A00EAAAF44FA4 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/68B780A709FB903C666EF08F51EF5985A89FE446
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 15936 |
Entropy (8bit): | 6.031156465271864 |
Encrypted: | false |
SSDEEP: | 192:FgZ8Zd0re+eBFbzHZ8Zd0re+eBFbztNbZovrAgZ8Zd0re+eBFbzHZ8Zd0re+eBFF:areZ7vreZ7tAzZreZ7vreZ7tAz2 |
MD5: | 90BF69B3115D2008171C1E4659F305E0 |
SHA1: | C725AA2CC3D8BB0C470914DE09FC363ED6370605 |
SHA-256: | 0E257BBE22CA1E987072E15286FD03E0C8008DE722698F23C62DE64942A79634 |
SHA-512: | 680F5482104CB6214A4482D1C19C4C9BD20EA3034E02E0B6E9CBA15D1E6297A2ACE3C43F250BE9DC6C343D14D487975C3F2C6154D0DF1B168FE8DDCE39C78702 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/730FA68718E69A9EC1DE4154BF49B2A37241C7B1
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 117219 |
Entropy (8bit): | 5.482600888040374 |
Encrypted: | false |
SSDEEP: | 3072:C/4g3Kd1rO5hZmxgA9OKdwwjF9GhsR1A4:O9anO5hZLHKdwwjF9GhsR1A4 |
MD5: | 64D9FADD5391F35D70890A44DD894D2A |
SHA1: | A0F8F04013C394734C333B47A2E32554CCF88076 |
SHA-256: | 4F93F2A9207AB395F985917ED21A16414E01EA301AC566DC2483A8D20788CC0F |
SHA-512: | 0199993426118055656C465252D1756415FCE66E875479446DA5C598B921291C1FA5EC3CC9158FF1ED741609852773D65B23579EEC4F2DA9481B88B5F03D454D |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 15469 |
Entropy (8bit): | 5.844886112139318 |
Encrypted: | false |
SSDEEP: | 192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGBLJnpl31imw8d0rU+yVTa6wIfbab:OHPnIwyqwGBln0pXrUhYiTaIdkoooa |
MD5: | C62F072D083283EDE9BF610BA279F5EB |
SHA1: | C1D56663ED550384EC0205F83CBF4B73250B9C65 |
SHA-256: | 197A95F2B3C069E79576CEE941758B287526564DC520FED36BE3D04428913038 |
SHA-512: | 03BC6B4C95E6E0CE3C7C2F67E72DAAFF399CC5C5CACED9203726B237261CC17391B3EEC4D05509B2705D6AC1B8415F4F0AD15AB1117E721E73E3A19AD69CA112 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/F8CBD54DDA10F4286A41EC6A537240712D6C2308
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 8444 |
Entropy (8bit): | 6.089173477440559 |
Encrypted: | false |
SSDEEP: | 192:PrzPDfd0rh+yzbKlHE7fd0rh+yzbKlHE9NbZovz:PrzbWrhhqE7WrhhqE9AL |
MD5: | B4DE831269D262E38A8AD7E559C87F66 |
SHA1: | 8D499CB9D9A6AB695B9A8CAA6A1C15ED6765D2BB |
SHA-256: | A14FAFB4BC96AF986C4DEFB4518DF07CCBB67D4A02126BDE60D2E379FD79C551 |
SHA-512: | 4012C2BA984FE9D230BEF391AB56B1970E2C6648699770C1B28032ABD3B493E694F6953257D778E32E0E1F79783672C8B30DB1A1A7DA4E162D1884499BBEF772 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/settings/main/ms-language-packs/asrouter.ftl.tmp
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 7581 |
Entropy (8bit): | 4.764879972898958 |
Encrypted: | false |
SSDEEP: | 192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGV:OHPnIwyqwGV |
MD5: | C460716B62456449360B23CF5663F275 |
SHA1: | 06573A83D88286153066BAE7062CC9300E567D92 |
SHA-256: | 0EC0F16F92D876A9C1140D4C11E2B346A9292984D9A854360E54E99FDCD99CC0 |
SHA-512: | 476BC3A333AACE4C75D9A971EF202D5889561E10D237792CA89F8D379280262CE98CF3D4728460696F8D7FF429A508237764BF4A9CCB59FD615AEE07BDCADF30 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-child-new.bin
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 536915 |
Entropy (8bit): | 5.066505078408843 |
Encrypted: | false |
SSDEEP: | 6144:fykPreu5AMr56pLwC4tbkd2+aPZLucfYJoRalo3sx+P6tmS3t:6GGW8LwC4tpS9JC/IV3t |
MD5: | 55630106B5662A447042CF0D00F121BA |
SHA1: | 474647BD351C4EBB5436319565FB88D85BC78976 |
SHA-256: | 80886F16AC3A2CC5E5D5E1CFDDA49247CE76BCDDD5E173BE73F48AABFF3BAF51 |
SHA-512: | 634FC500F6D3C70EA4915BA375D0797021F760F5CB62F7A0688BFF8927E9E07FB2E9B7C0E3554D85AD034C1F0AE1287AC265BF4EC4A68216F180B7243D512D40 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-new.bin
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 8065861 |
Entropy (8bit): | 5.203405206838544 |
Encrypted: | false |
SSDEEP: | 49152:kZLE60+X3aplFYgW0+NI2tidKxgNbcuApK9llF3zyQFWjbVPU1Hd63p3sem7x:LT/p2tidKxgNbcuApKf3rabz3S |
MD5: | 00CC034B00F8B54901A3D72BD7FF8C3E |
SHA1: | 11103380E799ED834C6F87C106F13B69AA88707C |
SHA-256: | AFBBB2F9CA5F8FF91ACB96FB21863F7827A4BCC277D3A832EE851B178693B1A5 |
SHA-512: | 5FF782F90AD676A72F1CFC19C1030E0F4F46EFBF404A659B69B19B116A70C069E0C3E58F93F0488FC9C47DB4DA5C922301F697593D8038CB490BA5FC89DFD70E |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/urlCache-new.bin
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 2359 |
Entropy (8bit): | 4.723197587308875 |
Encrypted: | false |
SSDEEP: | 48:0oixAl2dXUGttISt3bqJtgtkt0IbFr9cHSWpVcaXBsneJrQc:76Al2dXUIIq3bAcwfWseJr3 |
MD5: | BBAFA4904B8EC4404105FD232E2D6BF3 |
SHA1: | 764DC7BFD554F82C05EF43E9A8765B9CC2764A34 |
SHA-256: | 08A0ADC928EB4C2B45C17203EA50A866128E2ACF4060A84CD6E7D301B3BBFFBD |
SHA-512: | 98EBCE5C1FBF9A25E1B5EED4284D2BE8948A02C4708995F81D3EC4C19E0974A1E83F4BDFF2A53C5F4129170D2C8A1327A3B62725D3449E55A6EE893A40202960 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 8599 |
Entropy (8bit): | 6.567495269840381 |
Encrypted: | false |
SSDEEP: | 192:oftuM9K/DTZ97Xjq7XN+ftuM9K/DrZd7q/qBXoa:ofsM9eH7Tq74fsM9enZd7uqBJ |
MD5: | A1D3DFDE4342A057ABB725F7326C08E9 |
SHA1: | A0AC57260753854C4F43CFF75497507B9570BEC7 |
SHA-256: | 90B7DE98A0E12A8736D2D2B6A26516420A532165DE18349F16267BEBD2700AE9 |
SHA-512: | 723DC8DA47CCD8959828C71DEE300E70B5F58AA36193497FCFFAC05AEC03CCE6E45BCD2CCAE8AF8C1F0742EF28B04311971FCE4F043D47951197CCC569E8B61B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 216 |
Entropy (8bit): | 4.755039128811985 |
Encrypted: | false |
SSDEEP: | 6:YWLSf85jcM2MAfeKSyikXMDuQ6s/WoMmgjwHbSRmnPE2cb:YWLSf6gMAfzSy7MDNFMmqmpncBb |
MD5: | 3F4783C4A6E2C30C125D1A3E464B8381 |
SHA1: | E0341861A8E1E7A780AD941DBF2887C5C1DF734A |
SHA-256: | DE1D02EC9612920EF8E6FC72D437259756D96CFB2FC6973EF69B29E3EA04C769 |
SHA-512: | 9C580A197186EBBDB1DB70DE2945D93C68F07840BC0A207BCDEF7ECEDAC747F4B524279AD1CFE5EF32D309C0E548583AFCA912EC871F1FBC092415755EB93EBD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 458752 |
Entropy (8bit): | 0.8648498389553788 |
Encrypted: | false |
SSDEEP: | 384:Ss1zkVmvQhyn+Zoz67uwJt2dZ60ubZI3C18+PNliMM0UDZ8BX9W1zkVmvQhyn+Z+:SsRwJtZNuMg3cwJtZNuMiq |
MD5: | 07809AC372EE02563E7F464075040D1C |
SHA1: | 1CEECCDE5C06073648353A03650353E79D56B3B1 |
SHA-256: | 106F71FF709CE3998606E60FDBDBCCE6FD3F2DBC010B70B6EFCC84D650BD2E44 |
SHA-512: | 71172E93979221AE38C734201EAF278B379C7A0DD0BBFD09879FD4CA638AB8BBAA759295DAE1653363D79A6F335415E108C538C78F20C4027F882C36331D2DA2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 459912 |
Entropy (8bit): | 0.7971411050330949 |
Encrypted: | false |
SSDEEP: | 384:qDshGSZSdZ60ubZI3C18+PNliMM0f41zkVmvQhyn+Zoz67T+XUQZqwJt2dZ60ub4:OQNuMcQwJtZNuMKss |
MD5: | 9CAE07D08A4B1180D6CA2579B505BD56 |
SHA1: | B841414F36CB2882E5C578ECEF4C6C48D7D64061 |
SHA-256: | 7A9F83DF4D1AD2D1F23619A3210F509D43C61716781DF69FA261953D51B4D9A6 |
SHA-512: | 29704C4D024649ADBEB6CA076E50F941B13EE2E87B600F54DB8BCB3D630E53EC1DC8A988A4CD19BC36D4265D188C388CCE5144795A44D8FA0C1D20A665DD8376 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/crashes/store.json.mozlz4.tmp
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.837595020998689 |
Encrypted: | false |
SSDEEP: | 3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt |
MD5: | A6338865EB252D0EF8FCF11FA9AF3F0D |
SHA1: | CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3 |
SHA-256: | 078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965 |
SHA-512: | D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/aborted-session-ping.tmp
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 34247 |
Entropy (8bit): | 5.24628184173366 |
Encrypted: | false |
SSDEEP: | 768:YGPWwZ/znUe1n2/myB8F+hoaPQUXdmvwjQ4WUV6d6pxVs8:dbnUe1IwEPQUXS4WUV6d6dR |
MD5: | 7BB3B120C1DA9908EC2338520CF6C64B |
SHA1: | A48F26904C4569C5572D3B43AD1715C5AE4F6C14 |
SHA-256: | 686D6D51DEFFF62073AB28173189AF7354129974158CECC7907B437925D950DA |
SHA-512: | AC2CC8885D01CBA7FFD8C358E03F5B6315C16A1CF8503FA6CF57B3E1A40F29C197C9AEA2DA31944D5413F16817E447E9CE57969B1C8F73F76C66A21F527DDFA3 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/db/data.safe.bin
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 22034 |
Entropy (8bit): | 4.167741435380332 |
Encrypted: | false |
SSDEEP: | 192:0FvQVb0FvQVbBFvQVbWFvQVbxFvQVbFFvQVbwFvQVbJFvQVb:JVbJVbEVbzVbUVbwVb9VbsVb |
MD5: | 23781F0E2B8785F1763060FE26F0F14E |
SHA1: | 899058D67D3AF17905C8CD6EA377AFF1624DEF49 |
SHA-256: | 69518F55151C3443B58464F489B3F4433230B37F51176BB89F1742B96DC3CB95 |
SHA-512: | 5CC9A580205D5E39DC66DB0E20C2558719ABCE35E65C772FD50E55E117BDB6E93F1DF03BABCD8D0FD2284B78642F1C7F1950D6E24208813D16A61A3335546219 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/tmp/7c4c3d68-b8c8-44e6-a714-345a0583faf2
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 527 |
Entropy (8bit): | 5.029868752462172 |
Encrypted: | false |
SSDEEP: | 12:BG2asuzkh+ckmeiAU7nVp3mHjFHC4x8+44GkD4tATdNBHV:BGzsGkh+NU5p3AjFiI44GkD4ts1 |
MD5: | 6B15C070788478408BA28503257BF81D |
SHA1: | 9F3C66994CA467BF84BEA582A07FB412E4EE04B9 |
SHA-256: | A8831DB7095681CBC38C205E7F3A908DF453FD76DD9AB5E6DA8806837CA53664 |
SHA-512: | 997DF6E6252EF911D5C4A3FEF3E9C035328F6CC0523D2903DFCE6BCCEAC272AD5D0F74A0287022BCD8BA37F2D439CC8C1C02B2E5EB218C3FF71628BCE2179794 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/session-state.json.tmp
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 4.858365186165159 |
Encrypted: | false |
SSDEEP: | 3:YWAqKs58fKzHFU3cmwUuTMf6phCKuGQHJ1XhJA2aqnLPJUoa/H5C:YWAqf58CzHFycmw+fAhuG61XhOanLc/Q |
MD5: | 81939E2A566C5C05E3490296D175FE9C |
SHA1: | BBB479F94B31BBBFE0F499AE172D27BB28486E55 |
SHA-256: | C4EB5F5B88C77C2C00F1606FB61D01DDF3AFA9242EC8BAAC31844EDC78EE88AE |
SHA-512: | 4F3B94602553D2BBE5B315D36F1B83F16B7238297F03E79BE020FC65B9D04B206EB877186423CE9D241261ADC9A1D8E87C3CE6CA0DC3C06A06B5FEB77A6F467C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 51 |
Entropy (8bit): | 3.2717530240771033 |
Encrypted: | false |
SSDEEP: | 3:YGJBQvAcgVgcVIDwf:YG8PgfiDE |
MD5: | 3E32E2CC1ED028DD8FF9B06F50A4707B |
SHA1: | B3910351BD8E13AD1479DB699CF6FAC6544A5BEF |
SHA-256: | 4A3A666D98E61B5FE06FECAC56807137A0FFFB4BB71D4C3B16BAA8702DDE738C |
SHA-512: | 4585EE9EC04ADF138727CD039A9CBE78DB6CF2926F6CE92524312A42EFD1250100848A919EC4B833F9A013181CE93734575B86EED37F1BF32EFFA3237EBA84DB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 48713 |
Entropy (8bit): | 5.174045011351523 |
Encrypted: | false |
SSDEEP: | 768:9On4M4wfVXy4nWXOxJO9/pN4sG4G4J4k4wh5hvM4r4y4l4G4O4gC6v4j:6ORpphfvG4co |
MD5: | CAAE9DFD85622A51E40BC81E527E6A7D |
SHA1: | 8E1559A6C7E831446C791D827E4788EEF3FCFD59 |
SHA-256: | 836339FA04A74196FAB90D3128B1C4AFEB52876322A0DB38001BD87AAD660488 |
SHA-512: | 69053EBEBB03D84AF4FA8B1656B99F543F33414B039FEA55CB0F93BAA23AA169527DE10F9A45F6724A708BA8F638F4E4486D614FEC43EF85031C7572A95C9EE6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 0.4036145626617334 |
Encrypted: | false |
SSDEEP: | 192:mva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vgrMfzZ:m1zkVmvQhyn+Zoz67FazZ |
MD5: | B17E199AC22C99688CEACAE342FDE8D7 |
SHA1: | 41F41E23CFD8F6110C7924BF6FB974D7A12328C9 |
SHA-256: | 34C8F483575FD7AF331FBC6933F41D13A43A5FD1E556920C6E0EC71AE1C8F1DD |
SHA-512: | D1DD5ACEE56BC358A37AA770C8794912E040261F2374B32BD2EECDBF1275FCC8870651BDE97FA5A4251E68886757F5B2EDDA256AFF2FD44306B574A5B3E35AE8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 98852 |
Entropy (8bit): | 0.22662102288292932 |
Encrypted: | false |
SSDEEP: | 192:5zRVva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vI:jV1zkVmvQhyn+Zoz67J |
MD5: | 315E7B41F813586544D78840CB9559FB |
SHA1: | D7E88B0FC5419B6857272480E4F46B0C60F49400 |
SHA-256: | DBAC272DC8669B1DBDF28833DAE4CD406F02B23118A7DC1783EACCB5FA6FAA07 |
SHA-512: | 494202858E21DF9076F0C5AA1E827DCA58288D783CAF40144B33A298FF024810D924A20D7F69029DB36E4E10B483826980A2AF4CFA515F4EC64E676E25124D2E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 109769 |
Entropy (8bit): | 5.218549712597015 |
Encrypted: | false |
SSDEEP: | 768:MoyhNJoyhNQoyhVQoyhjfoyhj9oyhj9oy4j9oy479oy4X/:5yKyByxyayAyAy5yRyw |
MD5: | EA2B51E5F426E440E694DAC7D6C8FF7F |
SHA1: | 794AF31E121E7EE3E379D08FBD97194B102DB81F |
SHA-256: | B7C63D896F321B442597FD2606D753A020703738A337C0590441B2D7D8D715CC |
SHA-512: | 1B9FECE42591E7FD580AFAF67BE84C1C2AD5B4D730EF051A457305AFB3021D6F49D7C2F0499ABB0FDF5F45B5C71BA7B5289C4E619A81E0C54EBF0BD0E24FC469 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 196 |
Entropy (8bit): | 5.4478819013219715 |
Encrypted: | false |
SSDEEP: | 6:vXvz2SNtSapaBlP7521T06xz3Jg75I2k7TEv2X8W6:vvz2SNtjpOPWgsz3JYk7vq |
MD5: | DE18406D63DF1F173806E777DABDADFB |
SHA1: | 076F314F75C8555C0220BB0EF7129750D9B1B9C8 |
SHA-256: | 89F9037A361F2A097E61121697426233D8D8AF5B6E18E92D6612E8D65D0A562C |
SHA-512: | 0E94A9D0D5DAC99BC07C1C9C191EDE376041D8C43D3B9DAC99A47ABE451C518B8F65EF6513A0956B9FC72AF96A05A7A81040257C40A26215F91841C7488C93B2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 143 |
Entropy (8bit): | 4.223691028533093 |
Encrypted: | false |
SSDEEP: | 3:YVXKQJAyiVLQwJtJDBA+ABaQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+kOy6Lb1BA+m2L69Yr |
MD5: | C0E4C22C50DD21142F57714EF49B8713 |
SHA1: | 06B77307DCA5C889EA279243E74730CBC10801BE |
SHA-256: | 6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717 |
SHA-512: | A4516B4F15EDB429F7B8CE3EA709D3777BFCC590838B1E113147E6BFB4DF0F34F0F2B24F6185D4E4277A77F75711BB470461B86AA507921AF037A6D22DF9278E |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/sessionstore-backups/recovery.jsonlz4.tmp
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 5126 |
Entropy (8bit): | 6.269939167982209 |
Encrypted: | false |
SSDEEP: | 48:iZ5tpVoDft16Hhh7y4+Z0tpVoDq16vthh7ys+ZotpVoDft16vthwys+ZDutpVoDM:wuTz6rVue6vVpuTz6vIfuTz6vVB |
MD5: | 77B2E7BF4A6A503593121ABB422846B1 |
SHA1: | 6DA47537BD4A3B288894278AC7EE9FD5C64EF0BA |
SHA-256: | 6B763F8AAC1487333EDC6786B141753F6EFF7EAC3AAA6E1BDD34F2B242751778 |
SHA-512: | 4D134948646138C108DA6BD84E7333DB65DA642B28B874995A9CDAFD66060CDA77133E0849EA451E0178D2C36A2CAA81A44769ECD0A62D7CBCCA1726EB142847 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 28672 |
Entropy (8bit): | 6.117080021933792 |
Encrypted: | false |
SSDEEP: | 768:K3sCJm3z3a3M3jWHjF2NNrnsrx4Nab6MSBHhap6Ul22y1HaqeHhcHm91Hp:K3o3z3a3M3Ojf1kBHhap6Ul2n1HaqeH3 |
MD5: | 2672D6B57621B74D060C6FC399DFCADD |
SHA1: | 7500A1E08D82966806E231D3DA34B211151B5457 |
SHA-256: | DA329DDB72B5E05874BA4E78B0D524F19BC200A0A539F6CDB273BDFAD304A65D |
SHA-512: | 643877BCEB2B0A74AF8B559B6060D30121FBC82B7AFBAF29BD62EC0985E3069F3434A1D6C0C29028188D98037DCABB1ADE1ABBBBDBAA895849D5DF620CD53151 |
Malicious: | false |
Reputation: | low |
Preview: |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 41232 |
Entropy (8bit): | 6.16355630920134 |
Encrypted: | false |
SSDEEP: | 768:63sCJ23z3a3M3jW2q68BNNrnsrx4Nab6M7BHhap6Ul2R6jads1HDjeHhcHm91HQk:63I3z3a3M3vqE1pBHhap6Ul2R6jay1H6 |
MD5: | 60EEB4D39634658C8016958069B8B39D |
SHA1: | BE999F581849E9104EEC686D56E3C2A0772E3F03 |
SHA-256: | 4BE536DE599525F53D315B4247A70B84F813D12D742B6F1B909607A3FD6A0A83 |
SHA-512: | 370EC3E8B825EBAC97F8F26FFC0B5548003241D7A4A07B1071C05DA4BAF394A9ED94C484AAA63861B7A59187A0E0006B92E55ECA4E6660FEBFBB0026D1115475 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 4.707807484588857 |
Encrypted: | false |
SSDEEP: | 6:YGNTG/SJ8KgfQYV2fVH8qLvrdpUhj2xJWl42xJEAUvEJBY1Y:YGNd5gfV2tH8avrnQ2fZ2feUY1Y |
MD5: | 4F2F57A0FACAF113FDEC5456EDF974C5 |
SHA1: | 51BB98FBB11D07BD0343137B144B0A32DC1952D6 |
SHA-256: | F57089C81D75E95583D17E67496FB02DEE203DEBA36DD176BE35F0841654E9EA |
SHA-512: | 07291312066CD6C9B3BD70DBC20D1BBE8A0DD60648558812F888413CCF3628AFED82F7FC365F687036973FA3E106F08C27E891AAADB54FB9591F01D00CA753C0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 11 |
Entropy (8bit): | 1.4353713907745331 |
Encrypted: | false |
SSDEEP: | 3:MVUGn:MCG |
MD5: | 54258652109C33FE06188083A3EC23F4 |
SHA1: | 013EC30A95D66C56642C193613A829B746982601 |
SHA-256: | C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E |
SHA-512: | AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:9n:9n |
MD5: | 05AFB6CE69B9CEF1BD6ECE7E4745F96C |
SHA1: | 1D16DC2DCC6851208C1B981E2EC377250A4A0CC5 |
SHA-256: | 3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5 |
SHA-512: | A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/lib/firefox/firefox |
File Type: | |
Category: | dropped |
Size (bytes): | 116503 |
Entropy (8bit): | 5.468343542813616 |
Encrypted: | false |
SSDEEP: | 3072:C/4g3Kd1rO5hZmxgA9OKdwwjF9GhsR1Ae:O9anO5hZLHKdwwjF9GhsR1Ae |
MD5: | FB339CF69C95DC0CFC2E39212B653781 |
SHA1: | C3DFC45C904BF581CDC2CD4BB4AE3CD04AE5072C |
SHA-256: | F01DD98CB5003B692B097C3E9E2493DDD041511D4E1B2874D85FB6E1BBFD3A9B |
SHA-512: | 2EE376B32955973FB2212C05CC6AE20B18A2A2CA1F3B3FD1F1956AA25EC9427C9E494A642B177B9BF9030466AE390A06E228B24921C7A848F212028CE451DB55 |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
Preview: |
No static file info
System Behavior
Start time: | 06:16:50 |
Start date: | 21/03/2023 |
Path: | /usr/bin/exo-open |
Arguments: | exo-open http://31.214.243.29/Demon.mips |
File size: | 27264 bytes |
MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
Start time: | 06:16:51 |
Start date: | 21/03/2023 |
Path: | /usr/bin/exo-open |
Arguments: | n/a |
File size: | 27264 bytes |
MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
Start time: | 06:16:51 |
Start date: | 21/03/2023 |
Path: | /usr/bin/exo-open |
Arguments: | n/a |
File size: | 27264 bytes |
MD5 hash: | 60a307a6a6325e2034eb5cc56bff1abd |
Start time: | 06:16:51 |
Start date: | 21/03/2023 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 --launch WebBrowser http://31.214.243.29/Demon.mips |
File size: | 80256 bytes |
MD5 hash: | ab59c8990baa7254463cdf800a83b9e3 |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 |
Arguments: | n/a |
File size: | 80256 bytes |
MD5 hash: | ab59c8990baa7254463cdf800a83b9e3 |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/bin/sensible-browser |
Arguments: | /usr/bin/sensible-browser http://31.214.243.29/Demon.mips |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/bin/sensible-browser |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/bin/which |
Arguments: | which sensible-browser |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/bin/x-www-browser |
Arguments: | /usr/bin/x-www-browser http://31.214.243.29/Demon.mips |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/bin/x-www-browser |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/bin/which |
Arguments: | which /usr/bin/x-www-browser |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | /usr/lib/firefox/firefox http://31.214.243.29/Demon.mips |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:16:52 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:16:53 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:16:57 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:16:57 |
Start date: | 21/03/2023 |
Path: | /usr/bin/lsb_release |
Arguments: | /usr/bin/lsb_release -idrc |
File size: | 5490352 bytes |
MD5 hash: | 69f442c3e33b5f9a66b722c29ad89435 |
Start time: | 06:17:02 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:02 |
Start date: | 21/03/2023 |
Path: | /usr/bin/dbus-launch |
Arguments: | dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr |
File size: | 34960 bytes |
MD5 hash: | 0b22a45154a51c6121bb1d208d8ab203 |
Start time: | 06:17:03 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:03 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:03 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | /usr/lib/firefox/firefox -contentproc -parentBuildID 20210816143654 -prefsLen 1 -prefMapSize 238647 -appdir /usr/lib/firefox/browser 6247 true socket |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:07 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:07 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:07 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 188 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6247 true tab |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:24 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:24 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:24 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 5911 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6247 true tab |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:46 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:46 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | n/a |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |
Start time: | 06:17:46 |
Start date: | 21/03/2023 |
Path: | /usr/lib/firefox/firefox |
Arguments: | /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6099 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6247 true tab |
File size: | 736648 bytes |
MD5 hash: | bf9680bcd223dba6b6e38b63bc4f73d7 |