Analysis Overview
Threat Level: Shows suspicious behavior
The file https://www.google.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Changes its process name
Reads user data of web browsers
Checks CPU configuration
Reads CPU attributes
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-16 09:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-16 09:59
Reported
2024-04-16 10:02
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
9s
Max time network
149s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/storage.sqlite | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/fd/34 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1570/stat | N/A | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1581/status | N/A | N/A |
| File opened for reading | /proc/1581/attr/current | N/A | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1568/cmdline | N/A | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab https://www.google.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab https://www.google.com]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
Network
Files
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
/root/.mozilla/firefox/ann6wzwk.default-release/times.json
/root/.mozilla/firefox/zxtmunfd.default/times.json
/root/.mozilla/firefox/installs.ini
/root/.mozilla/firefox/profiles.ini
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
/root/.mozilla/firefox/ann6wzwk.default-release/compatibility.ini
/root/.mozilla/firefox/ann6wzwk.default-release/prefs.js
/root/.mozilla/firefox/ann6wzwk.default-release/cookies.sqlite