Edit tour

Linux Analysis Report
https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1N

Overview

General Information

Sample URL:	https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5N
Analysis ID:	1581474
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected BlockedWebSite

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Queries the installed Ubuntu/CentOS release

Reads the 'hosts' file potentially containing internal network hosts

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581474
Start date and time:	2024-12-27 20:59:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal48.phis.lin@0/48@35/0

Warnings

Excluded IPs from analysis (whitelisted): 34.120.208.123, 35.244.181.201
Excluded domains from analysis (whitelisted): 193246-ipv4v6e.farm.dprodmgd105.sharepointonline.com.akadns.net, incoming.telemetry.mozilla.org, aus5.mozilla.org
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d

Process Tree

system is lnxubuntu20

exo-open (PID: 6249, Parent: 6236, MD5: 60a307a6a6325e2034eb5cc56bff1abd) Arguments: exo-open https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d

exo-open New Fork (PID: 6250, Parent: 6249)

exo-open New Fork (PID: 6251, Parent: 6250)

exo-helper-2 (PID: 6251, Parent: 1860, MD5: ab59c8990baa7254463cdf800a83b9e3) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 --launch WebBrowser https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d

exo-helper-2 New Fork (PID: 6252, Parent: 6251)

sensible-browser (PID: 6252, Parent: 6251, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/sensible-browser https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d

sensible-browser New Fork (PID: 6253, Parent: 6252)

which (PID: 6253, Parent: 6252, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: which sensible-browser

x-www-browser (PID: 6252, Parent: 6251, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/x-www-browser https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d

x-www-browser New Fork (PID: 6254, Parent: 6252)

which (PID: 6254, Parent: 6252, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: which /usr/bin/x-www-browser

firefox (PID: 6252, Parent: 6251, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d

firefox New Fork (PID: 6256, Parent: 6252)

firefox New Fork (PID: 6257, Parent: 6252)

firefox New Fork (PID: 6275, Parent: 6252)

lsb_release (PID: 6275, Parent: 6252, MD5: 69f442c3e33b5f9a66b722c29ad89435) Arguments: /usr/bin/lsb_release -idrc

firefox New Fork (PID: 6297, Parent: 6252)

dbus-launch (PID: 6297, Parent: 6252, MD5: 0b22a45154a51c6121bb1d208d8ab203) Arguments: dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr

firefox New Fork (PID: 6306, Parent: 6252)

firefox New Fork (PID: 6308, Parent: 6306)

firefox (PID: 6306, Parent: 6252, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -parentBuildID 20210816143654 -prefsLen 1 -prefMapSize 238647 -appdir /usr/lib/firefox/browser 6252 true socket

firefox New Fork (PID: 6337, Parent: 6252)

firefox New Fork (PID: 6341, Parent: 6337)

firefox (PID: 6337, Parent: 6252, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 188 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6252 true tab

firefox New Fork (PID: 6378, Parent: 6252)

firefox New Fork (PID: 6380, Parent: 6378)

firefox (PID: 6378, Parent: 6252, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 5251 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6252 true tab

firefox New Fork (PID: 6442, Parent: 6252)

firefox New Fork (PID: 6444, Parent: 6442)

firefox (PID: 6442, Parent: 6252, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 5982 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6252 true tab

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/0D2746162CF9693A6244B4819CF2FB1C4335D110	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected BlockedWebSite

Source: Yara match

File source: /home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/0D2746162CF9693A6244B4819CF2FB1C4335D110, type: DROPPED

Source: /usr/lib/firefox/firefox (PID: 6252)

Reads hosts file: /etc/hosts

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-siteIf-Modified-Since: Sat, 31 Jul 2021 15:17:12 GMTIf-None-Match: "8cfd2c8fe1fb0bc900759661d7a6ee89"
Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d HTTP/1.1Host: greensofttech1-my.sharepoint.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8MmQadD5bNehyQ%3D&reserved=0 HTTP/1.1Host: nam12.safelinks.protection.outlook.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: +4v6YwZoRKHvWjeA8PJwWw==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET /Content/Scripts/safelinksv2.css HTTP/1.1Host: nam12.safelinks.protection.outlook.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/css,/;q=0.1Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8MmQadD5bNehyQ%3D&reserved=0Connection: keep-aliveSec-Fetch-Dest: styleSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /Content/Scripts/site.js HTTP/1.1Host: nam12.safelinks.protection.outlook.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8MmQadD5bNehyQ%3D&reserved=0Connection: keep-aliveSec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /Content/images/cross.png HTTP/1.1Host: nam12.safelinks.protection.outlook.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8MmQadD5bNehyQ%3D&reserved=0Connection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-siteIf-Modified-Since: Tue, 01 Jun 2021 14:28:23 GMTIf-None-Match: "1622557703112"
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: fNkynAcoXL1nqDaAMZdXcw==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: kkR/WlV4bMXDcjrvbUwjDA==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: AXO+7g6SZ80EYYIz718hOA==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: xZuka8t7/9N1p9BzdioTzA==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket

Source: global traffic	DNS traffic detected: DNS query: greensofttech1-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: nam12.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox-settings-attachments.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: attachments.prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.example.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net

Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: scriptCache-new.bin.42.dr	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	String found in binary or memory: http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes
Source: asrouter.ftl.tmp.42.dr, 37373F56CBD822F5FCF64BA01E1320A0924D8460.42.dr	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: cert9.db.42.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: places.sqlite-wal.42.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.42.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.42.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.42.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: scriptCache-new.bin.42.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: scriptCache-new.bin.42.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: places.sqlite-wal.42.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.42.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://x1.c.lencr.org/0
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: http://x1.i.lencr.org/0
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://amazon.com
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://baidu.com
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=921157
Source: 5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB.42.dr	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: scriptCache-child-new.bin.42.dr	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes
Source: 3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://duckduckgo.com
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://ebay.com
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/
Source: 37373F56CBD822F5FCF64BA01E1320A0924D8460.42.dr	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-
Source: 3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	String found in binary or memory: https://firefox.dns.next
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://firefox.dns.nextdns.io/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: 254256B27E0C48CF9B80B695F0B3B8CA84610495.42.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	String found in binary or memory: https://github.com/Kinto/kinto-attachment/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://google.com
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://greensofttech1-my.sharepoint.com
Source: 19F3C9BFFFB226064E4C7D82B0316E390EE79530.42.dr	String found in binary or memory: https://greensofttech1-my.sharepoint.com/
Source: 2EB498719AE24260CCB27F5835DFD94AE777B4CB.42.dr, 0D2746162CF9693A6244B4819CF2FB1C4335D110.42.dr	String found in binary or memory: https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/
Source: 19F3C9BFFFB226064E4C7D82B0316E390EE79530.42.dr	String found in binary or memory: https://greensofttech1-my.sharepoint.com/predictor::seen1
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5
Source: 47E041953657F70771DE09976C57A333DEDC4408.42.dr	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/deletion-request/1/a5f7d124-2a4b-4e86-
Source: 3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: places.sqlite-wal.42.dr, 0D2746162CF9693A6244B4819CF2FB1C4335D110.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.com
Source: recovery.jsonlz4.tmp.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.com/?url=4
Source: places.sqlite-wal.42.dr, 2EB498719AE24260CCB27F5835DFD94AE777B4CB.42.dr, 0D2746162CF9693A6244B4819CF2FB1C4335D110.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2
Source: 85B78A1A718FD71B967FD9E87FAC8B490506EBCE.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css
Source: B3F6EC0DC12711CC1E5D30B917A3B5BFB83A5800.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.com/Content/Scripts/site.js
Source: 8FE5899A52ED3FA53CC6B76C120A9E60856D9A07.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.com/Content/images/cross.png
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://nam12.safelinks.protection.outlook.comd.
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	String found in binary or memory: https://private.canadianshield.cira.ca/dns-query
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://profiler.firefox.com
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	String found in binary or memory: https://remote-settings.readthedocs.io
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records
Source: 2EB498719AE24260CCB27F5835DFD94AE777B4CB.42.dr	String found in binary or memory: https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinat
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://support.mozilla.org/kb/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://support.mozilla.org/kb/flash-protected-mode-autodisabled
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://trr.dns.nextdns.io/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://twitter.com
Source: cert9.db-journal.42.dr, cert9.db.42.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.google.com
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://www.google.com/policies/privacy/
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.google.com/search?channel=fs&client=ubuntu&q=googlegoogle
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.42.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://www.openh264.org/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://www.widevine.com/
Source: scriptCache-new.bin.42.dr	String found in binary or memory: https://yandex.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38690
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36572
Source: unknown	Network traffic detected: HTTP traffic on port 51228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39322
Source: unknown	Network traffic detected: HTTP traffic on port 40896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40922
Source: unknown	Network traffic detected: HTTP traffic on port 39912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39914
Source: unknown	Network traffic detected: HTTP traffic on port 40922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40920
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36562
Source: unknown	Network traffic detected: HTTP traffic on port 39910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39910
Source: unknown	Network traffic detected: HTTP traffic on port 36566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36566
Source: unknown	Network traffic detected: HTTP traffic on port 38690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40914
Source: unknown	Network traffic detected: HTTP traffic on port 40918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39906
Source: unknown	Network traffic detected: HTTP traffic on port 39322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40896
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 443

Source: classification engine

Classification label: mal48.phis.lin@0/48@35/0

Source: /usr/bin/exo-open (PID: 6249)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/exo-open (PID: 6249)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6251)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6251)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6251)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6251)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	File: /tmp/firefox/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	File: /home/saturnino/.mozilla/firefox/a3xevaya.default-release/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	File: /home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/.startup-incomplete	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	File: /usr/lib/firefox/fonts/.uuid.TMP-BMfMuW	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /usr/lib/firefox/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.mime.types	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/.metadata-v2	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.mailcap	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6257)	Directory: /home/saturnino/.drirc	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior

Source: /usr/lib/firefox/firefox (PID: 6252)	Empty hidden file: /tmp/firefox/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Empty hidden file: /usr/lib/firefox/fonts/.uuid.TMP-BMfMuW	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Empty hidden file: /home/saturnino/.mozilla/firefox/a3xevaya.default-release/.parentlock	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Empty hidden file: /home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/.startup-incomplete	Jump to behavior

Source: /usr/bin/exo-open (PID: 6249)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6251)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6252)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6257)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 6297)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6337)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6378)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6442)	Queries kernel information via 'uname':	Jump to behavior

Source: /usr/lib/firefox/firefox (PID: 6275)

Arguments: /usr/bin/lsb_release -> /usr/bin/lsb_release -idrc

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Hide Artifacts	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Hidden Files and Directories	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://greensofttech1-my.sharepoint.com/	0%	Avira URL Cloud	safe
https://remote-settings.readthedocs.io	0%	Avira URL Cloud	safe
https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/	0%	Avira URL Cloud	safe
https://firefox.dns.next	0%	Avira URL Cloud	safe
https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records	0%	Avira URL Cloud	safe
https://trr.dns.nextdns.io/	0%	Avira URL Cloud	safe
https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records	0%	Avira URL Cloud	safe
https://greensofttech1-my.sharepoint.com/predictor::seen1	0%	Avira URL Cloud	safe
https://nam12.safelinks.protection.outlook.comd.	0%	Avira URL Cloud	safe
http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes	0%	Avira URL Cloud	safe
https://answers.launchpad.net/ubuntu/	0%	Avira URL Cloud	safe
https://greensofttech1-my.sharepoint.com	0%	Avira URL Cloud	safe
https://answers.launchpad.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
star-mini.c10r.facebook.com	157.240.252.35	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.193	true	false	high
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	high
nam12.safelinks.eop-tm2.outlook.com	104.47.59.156	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
www.example.com	93.184.215.14	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
youtube-ui.l.google.com	172.217.19.238	true	false	high
attachments.prod.remote-settings.prod.webservices.mozgcp.net	34.117.121.53	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
www.facebook.com	unknown	unknown	false	high
greensofttech1-my.sharepoint.com	unknown	unknown	false	unknown
www.reddit.com	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
nam12.safelinks.protection.outlook.com	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high
firefox-settings-attachments.cdn.mozilla.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://firefox.settings.services.mozilla.com/v1/	false	high
https://nam12.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css	false	high
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8MmQadD5bNehyQ%3D&reserved=0	false	high
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl	false	high
https://nam12.safelinks.protection.outlook.com/Content/Scripts/site.js	false	high
https://push.services.mozilla.com/	false	high
https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d	false	unknown
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US	false	high
https://nam12.safelinks.protection.outlook.com/Content/images/cross.png	false	high
https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://greensofttech1-my.sharepoint.com/	19F3C9BFFFB226064E4C7D82B0316E390EE79530.42.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/policies/privacy/	scriptCache-new.bin.42.dr	false		high
https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records	scriptCache-new.bin.42.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/	scriptCache-new.bin.42.dr	false		high
http://www.debian.org/gro.naibed.www.	places.sqlite-wal.42.dr	false		high
https://yandex.com	scriptCache-new.bin.42.dr	false		high
http://www.ubuntu.com	places.sqlite-wal.42.dr	false		high
https://trr.dns.nextdns.io/	scriptCache-new.bin.42.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=921157	scriptCache-new.bin.42.dr	false		high
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2	places.sqlite-wal.42.dr, 2EB498719AE24260CCB27F5835DFD94AE777B4CB.42.dr, 0D2746162CF9693A6244B4819CF2FB1C4335D110.42.dr	false		high
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes	scriptCache-new.bin.42.dr	false		high
https://private.canadianshield.cira.ca/dns-query	3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	false		high
http://mozilla.org/MPL/2.0/.	asrouter.ftl.tmp.42.dr, 37373F56CBD822F5FCF64BA01E1320A0924D8460.42.dr	false		high
http://www.ubuntu.com/moc.utnubu.www.	places.sqlite-wal.42.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1238180	scriptCache-new.bin.42.dr	false		high
https://ebay.com	scriptCache-new.bin.42.dr	false		high
https://www.openh264.org/	scriptCache-new.bin.42.dr	false		high
http://pki.goog/repo/certs/gtsr1.der04	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
https://www.google.com	places.sqlite-wal.42.dr	false		high
https://firefox.dns.next	3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings	scriptCache-new.bin.42.dr	false		high
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire	places.sqlite-wal.42.dr	false		high
https://www.google.com/search?channel=fs&client=ubuntu&q=googlegoogle	places.sqlite-wal.42.dr	false		high
https://nam12.safelinks.protection.outlook.com	places.sqlite-wal.42.dr, 0D2746162CF9693A6244B4819CF2FB1C4335D110.42.dr	false		high
https://twitter.com	scriptCache-new.bin.42.dr	false		high
http://x1.c.lencr.org/0	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
http://x1.i.lencr.org/0	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
https://firefox.dns.nextdns.io/	scriptCache-new.bin.42.dr	false		high
https://remote-settings.readthedocs.io	F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	false	Avira URL Cloud: safe	unknown
https://profiler.firefox.com	scriptCache-new.bin.42.dr	false		high
http://json-schema.org/draft-04/schema#	scriptCache-new.bin.42.dr	false		high
http://www.debian.org	places.sqlite-wal.42.dr	false		high
https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/	2EB498719AE24260CCB27F5835DFD94AE777B4CB.42.dr, 0D2746162CF9693A6244B4819CF2FB1C4335D110.42.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.cloudflare-dns.com/dns-query	3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	false		high
https://greensofttech1-my.sharepoint.com/predictor::seen1	19F3C9BFFFB226064E4C7D82B0316E390EE79530.42.dr	false	Avira URL Cloud: safe	unknown
https://doh.xfinity.com/dns-query	3870112724rsegmnoittet-es.sqlite.42.dr, 3870112724rsegmnoittet-es.sqlite-wal.42.dr	false		high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/	254256B27E0C48CF9B80B695F0B3B8CA84610495.42.dr	false		high
http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes	F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.	places.sqlite-wal.42.dr	false		high
https://nam12.safelinks.protection.outlook.comd.	places.sqlite-wal.42.dr	false	Avira URL Cloud: safe	unknown
https://www.widevine.com/	scriptCache-new.bin.42.dr	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records	scriptCache-new.bin.42.dr	false	Avira URL Cloud: safe	unknown
http://crl.pki.goog/gtsr1/gtsr1.crl0W	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations	scriptCache-child-new.bin.42.dr	false		high
http://ocsp.rootca1.amazontrust.com0:	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
http://wiki.ubuntu.com/moc.utnubu.ikiw.	places.sqlite-wal.42.dr	false		high
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes	scriptCache-new.bin.42.dr	false		high
https://pki.goog/repository/0	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
https://answers.launchpad.net/ubuntu/	places.sqlite-wal.42.dr	false	Avira URL Cloud: safe	unknown
https://firefox.settings.services.mozilla.com/v1	scriptCache-new.bin.42.dr	false		high
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-	37373F56CBD822F5FCF64BA01E1320A0924D8460.42.dr	false		high
https://duckduckgo.com	scriptCache-new.bin.42.dr	false		high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records	scriptCache-new.bin.42.dr	false		high
https://github.com/Kinto/kinto-attachment/	F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	false		high
https://answers.launchpad.net	places.sqlite-wal.42.dr	false	Avira URL Cloud: safe	unknown
https://amazon.com	scriptCache-new.bin.42.dr	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
http://wiki.ubuntu.com	places.sqlite-wal.42.dr	false		high
https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help	scriptCache-new.bin.42.dr	false		high
https://firefox-settings-attachments.cdn.mozilla.net/	F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.dr	false		high
https://support.mozilla.org/kb/flash-protected-mode-autodisabled	scriptCache-new.bin.42.dr	false		high
https://support.mozilla.org	places.sqlite-wal.42.dr	false		high
https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinat	2EB498719AE24260CCB27F5835DFD94AE777B4CB.42.dr	false		high
http://crl.pki.goog/gsr2/gsr2.crl0?	cert9.db-journal.42.dr, cert9.db.42.dr	false		high
https://google.com	scriptCache-new.bin.42.dr	false		high
https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5	scriptCache-new.bin.42.dr	false		high
https://greensofttech1-my.sharepoint.com	places.sqlite-wal.42.dr	false	Avira URL Cloud: safe	unknown
https://nam12.safelinks.protection.outlook.com/?url=4	recovery.jsonlz4.tmp.42.dr	false		high
https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco	scriptCache-new.bin.42.dr	false		high
https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202	5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB.42.dr	false		high
https://baidu.com	scriptCache-new.bin.42.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.138.10	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.117.121.53	attachments.prod.remote-settings.prod.webservices.mozgcp.net	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
104.47.55.156	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/home/saturnino/.cache/dconf/user

Download File

Process:	/usr/lib/firefox/firefox
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	93B885ADFE0DA089CDF634904FD59F71
SHA1:	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:	B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:	false
Reputation:	low
Preview:	.

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/0D2746162CF9693A6244B4819CF2FB1C4335D110

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	20630
Entropy (8bit):	6.114858241415126
Encrypted:	false
SSDEEP:	384:QpDdX7xcp5cDrTOf0Xk6/V7NxSu604jUu1fh8T6gEgs6ATaIdLDeDZ:Ec9O/V7NUgyUuHk6vgs6ca83MZ
MD5:	9A3C011DE893D520E530BAC7455A8868
SHA1:	138EE25AA26D9B63B6C6B986E3DEAB1D96C41910
SHA-256:	D9B412878910FEDB6BD2C91F2B6EAF5F4C40B8E1BA0C76F048A4B163AD9827B6
SHA-512:	EEFAD501496E1120191DC451329B9777DA15568DBA61D55AB19C9F25B216395AC7665F899930B154D74F2CF15CFDF6C20172248676AC707CD79047F6923C5C3A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_BlockedWebSite, Description: Yara detected BlockedWebSite, Source: /home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/0D2746162CF9693A6244B4819CF2FB1C4335D110, Author: Joe Security
Reputation:	low
Preview:	<!doctype html>..<html>..<head>.. <meta charset="UTF-8">.. <title>Microsoft Defender for Office 365</title>.. <meta name="referrer" content="same-origin" />.. <meta name="robots" content="noindex,nofollow" />.. <link rel="icon" href="data:,">.... <base href="https://nam12.safelinks.protection.outlook.com">.... <link href="/Content/Scripts/safelinksv2.css" rel="stylesheet" />.. <script src="/Content/Scripts/site.js" type="text/javascript"></script>..</head>..<body>.. <div id="header_container_branding" style="background-color: #F3F3F5;">.. <div id="header_branding">.. <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAAwCAYAAABUmTXqAAAACXBIWXMAAC4jAAAuIwF4pT92AAAGlmlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgOS4wLWMwMDAgNzkuMTcxYzI3ZiwgMjAyMi8wOC8xNi0xODowMjo0MyAgICAgICAgI

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/19F3C9BFFFB226064E4C7D82B0316E390EE79530

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	119
Entropy (8bit):	4.669095525616202
Encrypted:	false
SSDEEP:	3:ssl0jKOJO3BR7bTvX3XDkHAu3NVArLJX8sX3u+llln:sslgA7LXD2HVAfqsHHl/n
MD5:	12D2A48BB790FBADAFE18B69366E804A
SHA1:	0DAD00F8C0EB8FB2AE506D54A3716B387C48C97B
SHA-256:	49F3C661076090DF20E2175EEDA3F950536CB78BEAC4182455D5D0C0365509DF
SHA-512:	620C191852B2B7DE0E0435B857045B9DD6CC93A71BAF6BB26659E6D0B5A298D9E711A911F92D51F77390A8F0707720DAC426BF25840B9BEE1FC233EFC420329B
Malicious:	false
Reputation:	low
Preview:	..".........go.Hgo.HG..).......<....~predictor-origin,:https://greensofttech1-my.sharepoint.com/.predictor::seen.1.....

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/254256B27E0C48CF9B80B695F0B3B8CA84610495

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	15960
Entropy (8bit):	6.077885491085659
Encrypted:	false
SSDEEP:	384:T3KET3KE8AmvIMvI63KET3KE8AmvIMvI+:T3KET3KE8AgIyI63KET3KE8AgIyI+
MD5:	44ADFEA7537BB22ED5F69684EEF67078
SHA1:	0FC8178FFF987C35D7131CF63F175603A4228704
SHA-256:	08691043299B9DB3867CE7DD342D8822DAF8029A4614D471FBB81A5FFA68B21C
SHA-512:	5AD803C2A7A9A4FDD1D037408E25D7D700789A9683A919AFB1CB0846786B11B4478AD5FF9169B269E3F394B42F00F9093803063487C7F6EF2E93C9422317A0D2
Malicious:	false
Reputation:	low
Preview:	{"permissions":{},"data":{"attachment":{"hash":"7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798","size":15829,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl","mimetype":"application/octet-stream"},"id":"cfr-v1-en-US","last_modified":1733178311775}}..*../............go.VG..3go.u...q....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEANgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAXxMIIF7TCCA9WgAwIBAgISBMJtMDN3uE5OHv5lykaJKknXMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQxMjI2MjAwMDIzWhcNMjUxMjI2MjAwMDIzWjAmMSQwIgYDVQQDExtyZW1vdGUtc2V0dG

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/2EB498719AE24260CCB27F5835DFD94AE777B4CB

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	14129
Entropy (8bit):	6.127049157364804
Encrypted:	false
SSDEEP:	192:Oy1hy1VwbTXM86LHfny8Lbh3ycJRniH8jjt8+RZFPP6s+gyww2QBeFMs+gyww2Q7:/2b6i68wcHXtLMPgcPgm
MD5:	9DE45762A99E92689F02D5C8E8871DD6
SHA1:	051347EF3A65051AE748F3B21CF40A9A63EF08B0
SHA-256:	19E0386D0C041588CDC094598048B6A9267E87163E6D58B51BFACBBD90F28AE9
SHA-512:	91D68B3EF1FD2F01BEDCDCC404196A44A892077FFF456497E93E01FDF70ADC8D77A87FFD5AF71E39F05A7A36856863D5491071F4E7DC79C8DB8E62BA7229ADE3
Malicious:	false
Reputation:	low
Preview:	..........go.Bgo.BG..%.......A....O^partitionKey=%28https%2Csharepoint.com%29,:https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d.necko:classified.1......s:.........go.Bgo.LG..%go.L...A....O^partitionKey=%28https%2Csharepoint.com%29,:https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXw

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/37373F56CBD822F5FCF64BA01E1320A0924D8460

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	23930
Entropy (8bit):	5.59294641459759
Encrypted:	false
SSDEEP:	384:CuPngEG1xNUIzFnieWrjAED8y/YTaId3iLTzLZ:CuPgEvIzFnieeAED8y/ka83iLTzLZ
MD5:	B5D3BEF6E6AE9A0D73C48D80C1F8378C
SHA1:	2461FB3FF5FEBFC86A286D5BE7C1B0698AC19BC9
SHA-256:	B275133E26281F1D131BDAD2EE09730DC2A725B46A3CD4FEE9696E4803F6EF29
SHA-512:	DA3F4F5BA676E0D1DDD2F53E9A4431CF9AD102D6461EA28B971B5A08A79910AF05B36E8CF00FA42C13313B5F144F80997989F8399C7F1EE9DAED6B8BCE64A862
Malicious:	false
Reputation:	low
Preview:	Y.Z.........go.Xgo.XG..4............:https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl.....# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-m

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/47E041953657F70771DE09976C57A333DEDC4408

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	15932
Entropy (8bit):	6.039925290811884
Encrypted:	false
SSDEEP:	192:ucV2GaftA/y8Lb83yEXvQ8jjt8+RZFPPoK6cV2GaftA/y8Lb83yEXvQ8jjt8+RZb:9VIH8TEXXtLKKZVIH8TEXXtLKKr
MD5:	54792F0A2E178AC0CE4EDEB9C3A15E5E
SHA1:	841969AC943062097238CD50670F7B70D00E194C
SHA-256:	5811EAA213C70F8B59F5C719D335F4F490AD4187BE821CBD7CEA05336D7E728C
SHA-512:	21200C6F7C6903F0484AA4837B7FD86E36B23614ED359D6D51215F800A88E8817F1541B5BA0360624E75A60241AA666356ECF1E849704761665114DD166C3DC6
Malicious:	false
Reputation:	low
Preview:	rI..........go.Tgo.VG..1go.V........a,~1735329597,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/deletion-request/1/a5f7d124-2a4b-4e86-9504-468bc4cb89a7.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEANgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQA5q//bDwriMfOZM6B/QDRTANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MTIyNjIwMDAyMloXDTI1MTIyNjIwMDAyMlowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCgPA4uO6s1wm+qmnnp5A59xtrpquj/lRuV0HSuQkFSZ3/qKtANUkXIQPlNqEClSl+NM/PVNHQTLTyEyWkC03HsesmwoO4PV7ZyhQRF+tA0tpN+ZzDJtwxQqBRntrw2EJ0

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	7590
Entropy (8bit):	6.063694305115394
Encrypted:	false
SSDEEP:	192:xXNaamqj4jKpby8LbL3yBafTJtLo8tfbaI8j3qRFfELE:HaC4j/8OcbJrtTaIdRREQ
MD5:	EF44732293B73D1EDC12D885AF1C0954
SHA1:	546C9D45BD5E391B37A2B5D7D2D0236EC7B61BDA
SHA-256:	F0740B47A9B1BDA775AED4FC4AF17B1CF20468042F895E5A011C202EAC903C9C
SHA-512:	58147202B2D689DE2AEEFFA635B510B0A12A4FEFE1D61E719BC575ACB9DE4C56099E1E4E4A42966A426CF841E897E24146F27B8850F63AA313069E5431F9E8ED
Malicious:	false
Reputation:	low
Preview:	.yI.z.........go.Bgo.HG..%go.:...{....:https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEANgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWoMIIFpDCCA4ygAwIBAgISBLLQLOSenMPJpuXUqA1arqJHMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQxMjI2MjAwMDA0WhcNMjUxMjI2MjAwMDA0WjAuMSwwKgYDVQQDEyNjb250ZW50LXNpZ25hdHVyZS0yLmNkbi5tb3ppbGxhLm5ldDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAKA8Di47qzXCb6qaeenkDn3G2umq6P+VG5XQdK5CQVJnf+oq0A1SRchA+U2oQKVKX40z89U0dBMtPITJaQLTcex6ybCg7g9XtnKFBEX60DS2k35nMMm3DFCoFGe2vDYQnThQmvA9ldGiSQ4eLD7AgoIBEnGuxnTSLojMQsMu6ldjKXizZG1MLAZAQbobJOoH6ZVYNI8IRmcQhHNJcryKt9PLUfsEB7HSZEHmRodfCRluMLXxL5WMNj

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/85B78A1A718FD71B967FD9E87FAC8B490506EBCE

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	11915
Entropy (8bit):	6.119620043604072
Encrypted:	false
SSDEEP:	192:MmmqvWCiLfxpSgfsHjrAwHkVwLlVfNff0e8TamqKegEvIsXqAfbaI8j3qdo5qo5H:Mm9WCiL5UgfijrAVu1fh8T6gEgs6ATal
MD5:	8DC63A8FD3910073A0FC04BC8BD349F4
SHA1:	246D4AA5AAD73BC23477128093B2B128846E0236
SHA-256:	7B07CC14B3559DF301A09DF87613D442B93392106AC3A618ED7ED94C09CB326A
SHA-512:	F072F1830E25D55D8755017E17E46D8EB8D2BF1286ED6D26A9F9D5DEC1A1F1C9187A0951C17373F6C4B2D2EE43F3334B6FD4B554EBD170F54880199F10895380
Malicious:	false
Reputation:	low
Preview:	@charset "UTF-8";../* CSS Document */....body{...margin:0px;...padding:0px;..}....div{.. text-align:left;..}....#recommendation_container{...width:100%;..}....#icon img {...margin-left: 40px;...margin-top: 45px;..}....#url {height: 32px;..background-color: #f4f4f4;..margin-left: 40px;..margin-right: 40px;..margin-bottom: 20px;..margin-top: 0px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..display: inline-block;..}....#url p {...margin:4px 12px;..}......#close {height: 32px;..background-color: #0078d7;..margin-left: 40px;..margin-right:40px;..margin-top:20px;..padding: 4px 12px 8px 12px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..width: auto;..display: inline-block;..color: #fff;..border: 0;...font-size:100%;..}....#text {...margin-left:40px;...margin-right: 40px;...margin-top: 0px;...font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..}....#tips {...margin-left:

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/8FE5899A52ED3FA53CC6B76C120A9E60856D9A07

Download File

Process:	/usr/lib/firefox/firefox
File Type:	PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	33625
Entropy (8bit):	5.650978949833531
Encrypted:	false
SSDEEP:	768:E35Ki7PGJNJBZOpZKevYuHk6vgs6ca8ajxjU:JuPqUrm6otr8ajxjU
MD5:	10F9AA7CCCF9ECC23C1C48D145E2C2C3
SHA1:	B48EE388A8A0FC49459B91D82403AAC18484F3A2
SHA-256:	94E32498AB6132C47239A4D071E4FB01554B7301412AC475D7AC1FC80E2AC16C
SHA-512:	97EAD7A0F19A658E2C8A1158EF548E1C352BAE90AD20234F11E61FDC720985D914AC099A7542D491240F2BFEFC5E0B1480A26EBC33C3E3F8FD03C22F71AD0216
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR............._..;....pHYs...%...%.IR$....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/B3F6EC0DC12711CC1E5D30B917A3B5BFB83A5800

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	9591
Entropy (8bit):	6.160314684847342
Encrypted:	false
SSDEEP:	192:pinoE/B9Ga/wLlVfNff0e8TamqKegEvIsXqAfbaI8j3qnS9Sk:pio89hu1fh8T6gEgs6ATaIdnS9Sk
MD5:	C67CB6341C2D2DD5CDDC0EC02F158800
SHA1:	3BC5A50CA010D43C4DAACCA0C0563F6ECFBD6FEC
SHA-256:	552D9231DE528D9D72E992A4974BF979617E9AFA07AC7F8AF33FD57720125758
SHA-512:	8934E29345844C1EF0C40EFDB3B940C707A63303CF197E0677BC04B1B74D1A0775D5EAC0BF7598A19564A770E222C4D3335323533F4B3E34688EB73CF825FE28
Malicious:	false
Reputation:	low
Preview:	window.onload = function OnLoadHandler(){...if (window.history.length <= 1) {....document.getElementById("close").style.display = "none";...}..}....var theme = null;..try {.. (function (URLSearchParams, str) {.. if (!new URLSearchParams(window.location.search).get(str)){....throw URLSearchParams;...}....var urlParams = new URLSearchParams(window.location.search);....if (urlParams.has(str)){.....theme = String(urlParams.get(str));....}.. }(URLSearchParams, "theme"));..} catch(URLSearchParams){...var params = {}...var parts = window.location.search.substring(1).split('&');...for (var i = 0; i < parts.length; i++) {....var val = parts[i].split('=');....if (!val[0]) continue;....params[val[0]] = val[1] \|\| true;...}...theme = params["theme"];...}....// Load theme specific css..if (theme === "dark"){...AddCSS("Safelinksv2-dark.css");..}..else if (theme === "contrast"){...AddCSS("Safelinksv2-highcontrast.css")..}....// Add CSS based on theme..function AddCSS(fileName){... var ss = docume

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/F8CBD54DDA10F4286A41EC6A537240712D6C2308

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	8508
Entropy (8bit):	6.082310981020288
Encrypted:	false
SSDEEP:	192:6Tpb3cPrVNuTf3cPrVNuTYNbZovSd9hd9n:6Tpb3KET3KE8A29L9n
MD5:	28F3181C2D4BB5008A9D0EDDF9B43028
SHA1:	301B689704C0BF06B39D465CECF8D6DB1BB02E12
SHA-256:	91413E17E4DFC17B6587DDCB322EA91B8C9F5F3D6A2F512D3439A8D45FE02F37
SHA-512:	BED6C189F1C8DE9A3C4AC5D6CFB0E27DB427EAD55D3F30DE40E24CCFA7BDF2A38BF4A83A62B0575CECF9E3707289ABE0FDDBEF089C5C552AC24A2422994BC8C4
Malicious:	false
Reputation:	low
Preview:	{"project_name":"Remote Settings PROD","project_version":"19.3.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"explicit_permissions":false,"batch_max_requests":25,"readonly":true},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"32.8.0","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"7.0.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}..c{..........go.Wgo.XG..3go.....2....:https://firefox.settin

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/settings/main/ms-language-packs/asrouter.ftl.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	15829
Entropy (8bit):	4.8063055926523655
Encrypted:	false
SSDEEP:	192:63/CCBmqCIKJumwOGmnOq6b4b9C4GoTlbo2ofF9/cFnSPhxtj3tCiwwau13151iS:OuPngEG1xNUIzFnieWrc
MD5:	96C542DEC016D9EC1ECC4DDDFCBAAC66
SHA1:	6199F7648BB744EFA58ACF7B96FEE85D938389E4
SHA-256:	7F32769D6BB4E875F58CEB9E2FBFDC9BD6B82397ECA7A4C5230B0786E68F1798
SHA-512:	CDA2F159C3565BC636E0523C893B293109DE2717142871B1EC78F335C12BAD96FC3F62BCF56A1A88ABDEED2AC3F3E5E9A008B45E24D713E13C23103ACC15E658
Malicious:	false
Reputation:	low
Preview:	# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-child-new.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	528133
Entropy (8bit):	5.067594388010848
Encrypted:	false
SSDEEP:	6144:3ykPreu5AMr56pLwC4tbkd2+aPZLucfYJoRilo3sxz6tmS35:iGGW8LwC4tpS9JCsIV35
MD5:	8DF4A99C62C110AE29C74B6D8C8DC10A
SHA1:	0F983A533B8A32A0AC098338A7EF2BA5ACA954D8
SHA-256:	8962BFB31C3C3DF8D624CD1CF295D619D34898A9DC44325C1CE7EB46301A71E0
SHA-512:	0265F2F91BF8F6F850593CBB801F9F353329B1080ABD387C45CE52AA1BA6E09FDE08C551AB7EFD9E9C270C7DFAFA5675B790E6381BCC940C1DF9753320871C7E
Malicious:	false
Reputation:	low
Preview:	mozXDRcachev002.5....chrome://global/content/process-content.js.chrome://global/content/process-content.js....`....6.resource://gre/modules/extensionProcessScriptLoader.js6.resource://gre/modules/extensionProcessScriptLoader.js`...4....1.resource://gre/modules/ExtensionProcessScript.jsmF.jsloader/non-syntactic/resource/gre/modules/ExtensionProcessScript.jsm.....X...).resource://gre/modules/MessageChannel.jsm>.jsloader/non-syntactic/resource/gre/modules/MessageChannel.jsm0]..h....).resource://gre/modules/ExtensionUtils.jsm>.jsloader/non-syntactic/resource/gre/modules/ExtensionUtils.jsm.....?... .resource://gre/modules/Timer.jsm5.jsloader/non-syntactic/resource/gre/modules/Timer.jsmP'.......*.resource://gre/modules/ExtensionCommon.jsm?.jsloader/non-syntactic/resource/gre/modules/ExtensionCommon.jsmL=..t....".resource://gre/modules/Schemas.jsm7.jsloader/non-syntactic/resource/gre/modules/Schemas.jsm....d..../.resource://gre/modules/PrivateBrowsingUtils.jsmD.jsloader/non-syntactic/resour

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-new.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	8061681
Entropy (8bit):	5.20338035746899
Encrypted:	false
SSDEEP:	49152:rfZLE60+X3aplFYgO0+NI2tidKxgNbcuApK9llF3zyQFWjbVPU1Hd63p3sem7x:uT/R2tidKxgNbcuApKf3rabz3S
MD5:	20C9632C241B181000BA584DF93134C6
SHA1:	35A2173DB7E1624F43FD33EE06E3E892DE3CF708
SHA-256:	74E35B0F0822508BD653768873995F6FE7D89AD62703BE19C57692C2EFE8A545
SHA-512:	231CFDC8B2898F99FBB231DDF79BCEE258B5439C10A5FE2905CBF6D39D2BF604AD5EAC6A0B9AB0D3D1615758885F1115D43E8A491A1E06AA4B455F55902088CF
Malicious:	false
Reputation:	low
Preview:	mozXDRcachev002...../.resource://gre/modules/MainProcessSingleton.jsmD.jsloader/non-syntactic/resource/gre/modules/MainProcessSingleton.jsm.........#.resource://gre/modules/Services.jsm8.jsloader/non-syntactic/resource/gre/modules/Services.jsm....d....1.resource://gre/modules/CustomElementsListener.jsmF.jsloader/non-syntactic/resource/gre/modules/CustomElementsListener.jsmh...L....#.resource:///modules/BrowserGlue.jsm;.jsloader/non-syntactic/resource/app/modules/BrowserGlue.jsm.........%.resource://gre/modules/XPCOMUtils.jsm:.jsloader/non-syntactic/resource/gre/modules/XPCOMUtils.jsmP...TU...'.resource://gre/modules/AppConstants.jsm<.jsloader/non-syntactic/resource/gre/modules/AppConstants.jsm.#.......-.resource://gre/modules/ActorManagerParent.jsmB.jsloader/non-syntactic/resource/gre/modules/ActorManagerParent.jsm08..0O...-.resource://gre/modules/EnterprisePolicies.jsmB.jsloader/non-syntactic/resource/gre/modules/EnterprisePolicies.jsm`........3.resource://gre/modules/EnterprisePolici

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/urlCache-new.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	2359
Entropy (8bit):	4.723197587308875
Encrypted:	false
SSDEEP:	48:0oixAl2dXUGttISt3bqJtgtkt0IbFr9cHSWpVcaXBsneJrQc:76Al2dXUIIq3bAcwfWseJr3
MD5:	BBAFA4904B8EC4404105FD232E2D6BF3
SHA1:	764DC7BFD554F82C05EF43E9A8765B9CC2764A34
SHA-256:	08A0ADC928EB4C2B45C17203EA50A866128E2ACF4060A84CD6E7D301B3BBFFBD
SHA-512:	98EBCE5C1FBF9A25E1B5EED4284D2BE8948A02C4708995F81D3EC4C19E0974A1E83F4BDFF2A53C5F4129170D2C8A1327A3B62725D3449E55A6EE893A40202960
Malicious:	false
Reputation:	low
Preview:	mozURLcachev002.#....+./usr/lib/firefox/distribution/policies.json.3.chrome/browser/content/browser/built_in_addons.json.O./home/saturnino/.mozilla/firefox/a3xevaya.default-release/addonStartup.json.lz4.0.chrome/en-US/locale/en-US/global/intl.properties.../usr/lib/firefox/distribution/distribution.ini.7.chrome/en-US/locale/en-US/global/aboutReader.properties.%.chrome/toolkit/content/global/xul.css...chrome/toolkit/skin/classic/global/tooltip.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css.-.chrome/toolkit/content/global/minimal-xul.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/noscript.css...chrome/toolkit/res/quirk.css.1.chrome/toolkit/skin/classic/global/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.G./home/saturnino/.mozilla/firefox/a3xevaya.default-release/xulstore.json.%.localization/en-US/branding/brand.ftl.2.localization/e

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/addonStartup.json.lz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 17200 bytes
Category:	dropped
Size (bytes):	8599
Entropy (8bit):	6.567495269840381
Encrypted:	false
SSDEEP:	192:oftuM9K/DTZ97Xjq7XN+ftuM9K/DrZd7q/qBXoa:ofsM9eH7Tq74fsM9enZd7uqBJ
MD5:	A1D3DFDE4342A057ABB725F7326C08E9
SHA1:	A0AC57260753854C4F43CFF75497507B9570BEC7
SHA-256:	90B7DE98A0E12A8736D2D2B6A26516420A532165DE18349F16267BEBD2700AE9
SHA-512:	723DC8DA47CCD8959828C71DEE300E70B5F58AA36193497FCFFAC05AEC03CCE6E45BCD2CCAE8AF8C1F0742EF28B04311971FCE4F043D47951197CCC569E8B61B
Malicious:	false
Reputation:	low
Preview:	mozLz40.0C....{"app-system-addons":{"....reset-search-defaults@mozilla.com/..Gdependencies":[],"enabled":true,"lastModifiedTime":1629470033402,"loader":null,"path":\|.....xpi","rootURI":"jar:file:///home/saturnino/...../firefox/a3xevaya....-release/fe5...es/%7Bb2669443-b5ea-44d6-8105-fcece6050402%7D/'..... !/...unInSafeMode ..signedState":3...D...162764250...,"telemetryKey$..3%40.......:2.1.0","version":"..#},......tection..;/11....g..~...8..6....o.......&.8512593....{.....Y1.0.1......startupData...p..astentL..!er...webRequest%..onBefore...[[{"incognito..UtabId..!yp...."main_frame"],"url...."https://www.google.../\.9",!...amazon.de/exec/obidos/external3../6.ObingU..@duck..!go!..:..ebay.ch/sV...en.wikipedia.org/.../Special:S.....dwindow....},["blocking"]]]}..`,"stag..%{}.....0.{....}............`.....doh-rollout..1org.....#a147618.......r......uusr/lib..vbrowser...U.......u.....l..V..{.}org:2.0b.....{.....formautofilld.T.s...e.+.V...f.(.W..g...........g..picturein...k.T.n..w...o.+.Z...

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/broadcast-listeners.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	4.755039128811985
Encrypted:	false
SSDEEP:	6:YWLSf85jcM2MAfeKSyikXMDuQ6s/WoMmgjwHbSRmnPE2cb:YWLSf6gMAfzSy7MDNFMmqmpncBb
MD5:	3F4783C4A6E2C30C125D1A3E464B8381
SHA1:	E0341861A8E1E7A780AD941DBF2887C5C1DF734A
SHA-256:	DE1D02EC9612920EF8E6FC72D437259756D96CFB2FC6973EF69B29E3EA04C769
SHA-512:	9C580A197186EBBDB1DB70DE2945D93C68F07840BC0A207BCDEF7ECEDAC747F4B524279AD1CFE5EF32D309C0E548583AFCA912EC871F1FBC092415755EB93EBD
Malicious:	false
Reputation:	low
Preview:	{"version":1,"listeners":{"remote-settings/monitor_changes":{"version":"\"1629467836325\"","sourceInfo":{"moduleURI":"resource://services-settings/remote-settings.js","symbolName":"remoteSettingsBroadcastHandler"}}}}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/cert9.db

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 32768, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	458752
Entropy (8bit):	0.8648435957767462
Encrypted:	false
SSDEEP:	384:Ss1zkVmvQhyn+Zoz67gwJt2dZ60ubZI3C18+PNliMM06DZ8BX9W1zkVmvQhyn+Z6:SsbwJtZNuM+3GwJtZNuMYq
MD5:	2FF565FC926FA09CACDF2FC5B7BA5F55
SHA1:	7CBF3DEA333EE3FEAB8108E18E5F4FEB8CCEED99
SHA-256:	3747F3F63C2D47726F7ECDFFCA8333EB9521A93A2854C7455523847AC0EA545A
SHA-512:	2FDB94718FCA5E478364B6333F341D339DF3ABF808C195B48A3DB7D9D55A2FF8C57E16F5C489360404EDD124CA206E40340C64723A0F7F3165E9156F1CC83EB1
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................S`.....z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/cert9.db-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	459912
Entropy (8bit):	0.7972083919679226
Encrypted:	false
SSDEEP:	384:A5sz6SZUdZ60ubZI3C18+PNliMM0R41zkVmvQhyn+Zoz67CXXSuZB8wJt2dZ60ug:Y+NuMil8wJtZNuM1sl
MD5:	51A26643C2C711AA6ADE3589E51D029E
SHA1:	0A961E8EA74C56E2BF338062FE4AE5A56865C2CE
SHA-256:	5EF1E104A316774D330BEE1F7BC72DCB636F90DE3AA630A7409ACC21151B4585
SHA-512:	5AA6B1D2419A1C0EC97C1962C3A6127FC182221EB0A282920A08EB2DCB02B50A58B4692643D7901B152B57E5B40A567E0E499DCA5FC1B9869327AB5A0FC9D363
Malicious:	false
Reputation:	low
Preview:	..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R..R.k........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/crashes/store.json.mozlz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 56 bytes
Category:	dropped
Size (bytes):	66
Entropy (8bit):	4.837595020998689
Encrypted:	false
SSDEEP:	3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:	A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:	CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:	078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:	D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:	false
Reputation:	low
Preview:	mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/aborted-session-ping.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	41791
Entropy (8bit):	5.252058844507158
Encrypted:	false
SSDEEP:	768:JGPsGQ/QRhQXpkXf1Zrpxb2p9fi2M1eMmvwjQ4WUV6d6pxVs8:jIRmZA1fii2M1eb4WUV6d6dR
MD5:	C2EFE85AC5A9BBF0E93A81F87CDDA3C2
SHA1:	CEE155A9AFBFF5236DD05022ED58B6A5EB543081
SHA-256:	CB0F395D8AE278B848EF1E7B92D0D10B625C7A0322062941E0868AB3AD8FBD5D
SHA-512:	45F6DE6E340715D5C56EDE4B0277B20DC60BEB3C9483CD94ADE7D6B0E226765A18938F7BA97AAAFB0377312792E0584A994DF8D74E0C135E40A92F0C64A80C3E
Malicious:	false
Reputation:	low
Preview:	{"type":"main","id":"61130f92-9e79-4460-bd1b-9a7329168fdd","creationDate":"2024-12-27T20:00:55.019Z","version":4,"application":{"architecture":"x86-64","buildId":"20210816143654","name":"Firefox","version":"91.0.1","displayVersion":"91.0.1","vendor":"Mozilla","platformVersion":"91.0.1","xpcomAbi":"x86_64-gcc3","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":64,"start":130,"main":500,"selectProfile":1087,"afterProfileLocked":2220,"startupCrashDetectionBegin":2761,"startupCrashDetectionEnd":56581,"firstPaint":9637,"firstPaint2":7738,"sessionRestoreInit":3962,"sessionRestored":10984,"createTopLevelWindow":3973,"AMI_startup_begin":2820,"XPI_startup_begin":2826,"XPI_bootstrap_addons_begin":2852,"XPI_bootstrap_addons_end":2877,"XPI_startup_end":2877,"AMI_startup_end":2877,"XPI_finalUIStartup":3962,"sessionRestoreInitialized":3963,"delayedStartupStarted":7790,"delayedStartupFinished":7937,"startupInterrupted":0,"debuggerAttached":0,"activeTicks":0},"processes":{"pare

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/db/data.safe.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Matlab v4 mat-file (little endian) r, rows 0, columns 1025
Category:	dropped
Size (bytes):	22034
Entropy (8bit):	4.165596260318541
Encrypted:	false
SSDEEP:	192:WFvQVbmFvQVbsFvQVb+FvQVbJFvQVb/FvQVbwFvQVbWFvQVb:zVbjVbBVbbVbsVb6Vb9VbzVb
MD5:	80995E08B264AB1059FD3849ECBF5E4C
SHA1:	C5FB2EF968A50BF35110531DE6106BA74E163803
SHA-256:	E77770BA4E48BE34A63A71D5129E49EBDD2BC4C8CA433C76A7AD0623CDA34F62
SHA-512:	D69416E198CAF9F6BF280613D948F833F0AB93C5BB57EE93D92BB02BA913931BBCCFC1FCFAD0C1443F040CC950F26D0F9D8986FAFAE9AC8FD77097F53D0661DF
Malicious:	false
Reputation:	low
Preview:	.................user............(.......baseline#glean.validation.first_run_hour<........3...........#.......2021-08-17T14:08:08.158120089+00:00............glean_client_info#client_id9........0...........$.......f80109fa-2a5b-4fd2-a42f-76603a7fb825 .......glean_client_info#first_run_date<........3...........#.......2021-08-17T14:08:08.158031120+00:00....%.......glean_internal_info#baseline#sequence.........................".......glean_internal_info#baseline#start<........3...........#.......2021-08-20T14:34:02.169400117+00:00............glean_internal_info#dirtybit......................$.......glean_internal_info#metrics#sequence.........................!.......glean_internal_info#metrics#start<........3...........#.......2021-08-20T13:26:30.353680484+00:00....&.......glean_internal_info#mps.last_sent_time<........3...........#.......2021-08-20T13:26:30.353508118+00:00....'.......metrics#glean.validation.first_run_hour<........3...........#.......2021-08-17T14:08:08.158120089+00:00..

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/tmp/a5f7d124-2a4b-4e86-9504-468bc4cb89a7

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines (447)
Category:	dropped
Size (bytes):	527
Entropy (8bit):	5.013673017955688
Encrypted:	false
SSDEEP:	12:BG2asuzbj9uMQUiAU7xNBHDkD4z+4um4cFHDvVp3mHaMATO:BGzsGf9BQyUpjkD4K4umPFjNp3AaM7
MD5:	7D87F98650D8D61E8C40DE534C917A84
SHA1:	2D5C5EBFD2FBC908870B4647A33515A27B256BA7
SHA-256:	1F8DEEE626A4B8F87CF646D9CD8E0BE632D93E17450005BF76E396D0DB78B20F
SHA-512:	BC1CE3FA9CF60E4A8D5F07578A253855101F6CBC217EEA98DB9C291785DB327B2390C6323F8215277590861C7152CDD5CE22EFB928FF2D34805CE76C4D51AE58
Malicious:	false
Reputation:	low
Preview:	/submit/firefox-desktop/deletion-request/1/a5f7d124-2a4b-4e86-9504-468bc4cb89a7.{"ping_info":{"seq":0,"start_time":"2024-12-27T14:00-06:00","end_time":"2024-12-27T14:00-06:00","reason":"at_init"},"client_info":{"telemetry_sdk_build":"39.0.0","first_run_date":"2021-08-17+00:00","device_manufacturer":"unknown","device_model":"unknown","app_channel":"release","app_build":"20210816143654","os_version":"5.4","app_display_version":"91.0.1","architecture":"x86_64","os":"Linux","client_id":"f80109fa-2a5b-4fd2-a42f-76603a7fb825"}}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/session-state.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.8688442115941895
Encrypted:	false
SSDEEP:	3:YWAqKsAI4RbSDwV3xMfmRWDDUTuzWJdT7oQJA2aqnLPJUoa/H5C:YWAqft4ReDW3KfmRWDN6Jd3oQOanLc/Q
MD5:	F1576F723E5AE7AC67B5AABF39FEC54A
SHA1:	725D4E2C05051C4AA12476992D5603765E24A5E2
SHA-256:	6BCDEE54805753E2EC47EB2199EBAE7121DB0FA53896BC552FBB35447CB06899
SHA-512:	6E5354EA21DCE9F35D21A0E35F7D09105E28A5E778A82A7A5C23175DEC7D920C35254FA50573365AF5675F84EA311C8A8ECD5D743F0D8422FCEEE926EDA044A4
Malicious:	false
Reputation:	low
Preview:	{"sessionId":"085fc915-fa04-4584-8f01-5f63030f4fa7","subsessionId":"4f143cb5-a8c1-457f-9d23-319b43f08611","profileSubsessionCounter":10,"newProfilePingSent":true}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/state.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	51
Entropy (8bit):	3.2717530240771033
Encrypted:	false
SSDEEP:	3:YGJBQvAcgVgcVIDwf:YG8PgfiDE
MD5:	3E32E2CC1ED028DD8FF9B06F50A4707B
SHA1:	B3910351BD8E13AD1479DB699CF6FAC6544A5BEF
SHA-256:	4A3A666D98E61B5FE06FECAC56807137A0FFFB4BB71D4C3B16BAA8702DDE738C
SHA-512:	4585EE9EC04ADF138727CD039A9CBE78DB6CF2926F6CE92524312A42EFD1250100848A919EC4B833F9A013181CE93734575B86EED37F1BF32EFFA3237EBA84DB
Malicious:	false
Reputation:	low
Preview:	{"clientID":"c0ffeec0-ffee-c0ff-eec0-ffeec0ffeec0"}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/extensions.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	48713
Entropy (8bit):	5.174045011351523
Encrypted:	false
SSDEEP:	768:9On4M4wfVXy4nWXOxJO9/pN4sG4G4J4k4wh5hvM4r4y4l4G4O4gC6v4j:6ORpphfvG4co
MD5:	CAAE9DFD85622A51E40BC81E527E6A7D
SHA1:	8E1559A6C7E831446C791D827E4788EEF3FCFD59
SHA-256:	836339FA04A74196FAB90D3128B1C4AFEB52876322A0DB38001BD87AAD660488
SHA-512:	69053EBEBB03D84AF4FA8B1656B99F543F33414B039FEA55CB0F93BAA23AA169527DE10F9A45F6724A708BA8F638F4E4486D614FEC43EF85031C7572A95C9EE6
Malicious:	false
Reputation:	low
Preview:	{"schemaVersion":33,"addons":[{"id":"doh-rollout@mozilla.org","syncGUID":"{0b694065-4b8a-4b9f-bc88-9f12b8b5cf70}","version":"2.0.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"DoH Roll-Out","description":"This used to be a Mozilla add-on that supported the roll-out of DoH, but now only exists as a stub to enable migrations.","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1628151708000,"updateDate":1629147618000,"applyBackgroundUpdates":1,"path":"/usr/lib/firefox/browser/features/doh-rollout@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":"72.0a1","maxVersion":null}],"target

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/key4.db

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.40402636668738867
Encrypted:	false
SSDEEP:	192:mva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vHMlakfzW:m1zkVmvQhyn+Zoz67vlaizW
MD5:	A0B5ADD1AC206C45BA50A4F29A5DB338
SHA1:	4204FD6DFA463B121D5068542992918E79486050
SHA-256:	60FB53D4D3A6404EDB9C1A45897136B508FA662B0355B47085B75ECC94A23BF9
SHA-512:	4A0D3E17FAA9CFDF52C5D25D9B00A04FA6990DE7ADFEF481EB3BA0D10A7ADBDE124B2C2768E0681E80EC797587CAEB324A7A833BE38AD545E0B7FCF3F8980080
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................S`.....z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/key4.db-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	98852
Entropy (8bit):	0.22714185849949706
Encrypted:	false
SSDEEP:	192:d7Vva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v/o:BV1zkVmvQhyn+Zoz67x
MD5:	45A4F306B896131E89A2380AE80FD462
SHA1:	80343D55353B507221FCC76AFD44E6699E2F22EA
SHA-256:	8F01823D5A2491560AE648D425872ACF11AD979469779690170A2ED195C98AC3
SHA-512:	72775BFF566765D5507B4262E21E01E52B12045BD0691A8F9E362A305BD100A1FB6CA39D313D874EB878479A1CC9B749218E9A693E7A93CB8B6C7B0F050BAF59
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/places.sqlite-wal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	1016584
Entropy (8bit):	0.21513030946387982
Encrypted:	false
SSDEEP:	192:6y13B1KQ3IRjSoUSU+3s+gyry13B1KEUBR0IzR+Rs+gyUAy13B1KQ:DD1S/BuD1VIojED1B
MD5:	696D9870D51A3C02733497D6864FF844
SHA1:	0D96BEDE38A6DA201E3882B32CF6EEA39A1EAA1D
SHA-256:	BB7A32D9395697D4174F3764B2C62D5787B2A22D69A80CD373153E6C973AEB7D
SHA-512:	C6ED3BD30153ED6F87FCDAD4F6C4E2BBC8F7B2AEF44C3BC99B572F1403565A8DC5B2731759EB9B21438693E3222B53D8B8BAB7E7AA4C2BF31F9B3F6B3B52F2E6
Malicious:	false
Reputation:	low
Preview:	7....-..........y..../>.y..&..$........y..../>...~`......F..~.....W...'.{....~.~.~.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/prefs-1.js

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines (1127)
Category:	dropped
Size (bytes):	109760
Entropy (8bit):	5.219048988028482
Encrypted:	false
SSDEEP:	768:MoyhNJoyhNPoyhVPoyhjJoyhjJoyFjMoyFjMoyFwMoyFI/:5yKykyUykykyvyvyQyy
MD5:	EB557C0AD0274F3711D9122DAA207F38
SHA1:	B6CC93BF458A9FFF870AE92E9FF99F2D8826DBE7
SHA-256:	42E2D6E47199CBF9FEADEAFCFFC8B08B75DF7BEB491D2B739BA7278B925AB395
SHA-512:	22627F6CECDE607499F4C261838378480831F019B18E542A538D3296C8A8991038D48611A9F2B583FB4C4BBAA9F72F3B5DA3EA7DD2F7F9E075477D722C6CADCF
Malicious:	false
Reputation:	low
Preview:	// Mozilla User Preferences..// DO NOT EDIT THIS FILE..//.// If you make changes to this file while the application is running,.// the changes will be overwritten when the application exits..//.// To change a preference value, you can either:.// - modify it via the UI (e.g. via about:config in the browser); or.// - set it within a user.js file in your profile...user_pref("app.normandy.first_run", false);.user_pref("app.normandy.migrationsApplied", 12);.user_pref("app.normandy.startupRolloutPrefs.media.peerconnection.mtransport_process", true);.user_pref("app.normandy.startupRolloutPrefs.network.process.enabled", true);.user_pref("app.normandy.user_id", "e34bc139-ede7-4eef-acd2-d2d8ffa0c304");.user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1629470032);.user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1629466019);.user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1629467970);.user_pref("app.update.lastUpdateTime.region-update-timer", 0)

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/search.json.mozlz4

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 467 bytes
Category:	dropped
Size (bytes):	196
Entropy (8bit):	5.4478819013219715
Encrypted:	false
SSDEEP:	6:vXvz2SNtSapaBlP7521T06xz3Jg75I2k7TEv2X8W6:vvz2SNtjpOPWgsz3JYk7vq
MD5:	DE18406D63DF1F173806E777DABDADFB
SHA1:	076F314F75C8555C0220BB0EF7129750D9B1B9C8
SHA-256:	89F9037A361F2A097E61121697426233D8D8AF5B6E18E92D6612E8D65D0A562C
SHA-512:	0E94A9D0D5DAC99BC07C1C9C191EDE376041D8C43D3B9DAC99A47ABE451C518B8F65EF6513A0956B9FC72AF96A05A7A81040257C40A26215F91841C7488C93B2
Malicious:	false
Reputation:	low
Preview:	mozLz40......A{"version":6,"engines":[{"_name":"Google","_isAppProvided":true,"_metaData":{}},8..Wikipedia (en)@..OBing6...Amazon.d.. @Duck../Gow..OeBay6.....?com<..7],"o..."useSavedOrder":false}}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/sessionCheckpoints.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.223691028533093
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+ABaQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+kOy6Lb1BA+m2L69Yr
MD5:	C0E4C22C50DD21142F57714EF49B8713
SHA1:	06B77307DCA5C889EA279243E74730CBC10801BE
SHA-256:	6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
SHA-512:	A4516B4F15EDB429F7B8CE3EA709D3777BFCC590838B1E113147E6BFB4DF0F34F0F2B24F6185D4E4277A77F75711BB470461B86AA507921AF037A6D22DF9278E
Malicious:	false
Reputation:	low
Preview:	{"profile-after-change":true,"final-ui-startup":true}{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/sessionstore-backups/recovery.jsonlz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 3230 bytes
Category:	dropped
Size (bytes):	7001
Entropy (8bit):	6.554580702904019
Encrypted:	false
SSDEEP:	96:qVTz6tVq8N8o3TBC3wM1CaBa6yRqq8N8o3TBC3wM1CaBa63Qa0C:qknBJS/146dBJS/1463j
MD5:	1A273864BE036DE00AA1033F453BB467
SHA1:	63AB2D060AAFB8C02B7676ADD4B0429B4BD35FBD
SHA-256:	40F31797F78804F6AF411DB639BD67343607D587581F847FD338DFCD09A85CD9
SHA-512:	5C94E965AE18EB3268AE101081F180B4157E298A1D3034F551045628278296831D7FFFC3E40ECC7ECDC25B3EC2423AFD91DB143AFEF796360B3366C2D1925ED9
Malicious:	false
Reputation:	low
Preview:	mozLz40.......{"version":["ses....restore",1],"windows":[],"selectedW...":0,"_clos...'..H...":{"lastUpdate":1735329618786,"startTim....595201,"recentCrashes":0},"global":{},"cooki......a..S..!Stg.....P{"tab..b{"entrU.. {"url":"about:home","title":"New Tab","cacheKey....ID":1,"docshellUU...."{387a7475-8923-4191-a685-829ff165a620}"....sultPrincipalURI":null,"p...sToInherit_base64":"eyIwIjp7IjAiOiJtb3otbnVsbHByaW5jaXBhbDp7ODQ1ZTllNTUtYzUwMi00Zjk2LThhMzAtOWNmMjRhZGMxYjNlfSJ9fQ==","partitionedP..k..hasUserInteract....false,"triggeringB..%..z%.0fX0....docIdentifier":2147483649,"persist":true}[...Accessed":1629470047042,"hidde...searchMode...userContextId%..attribut.....Qindex8..requestedI....0,"image":"chrome://branding/cU..nt/icon32.png"......Q.....T.......dth":921,"height":666,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace..S0","z...1K..._shouldRx....","Y.*At{..3...U..........................:269.....P39107......@{"hoG..."addons.mozilla.org","valu...A2da17c6a8cc11f2fc08359

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	6.117080021933792
Encrypted:	false
SSDEEP:	768:K3sCJm3z3a3M3jWHjF2NNrnsrx4Nab6MSBHhap6Ul22y1HaqeHhcHm91Hp:K3o3z3a3M3Ojf1kBHhap6Ul2n1HaqeH3
MD5:	2672D6B57621B74D060C6FC399DFCADD
SHA1:	7500A1E08D82966806E231D3DA34B211151B5457
SHA-256:	DA329DDB72B5E05874BA4E78B0D524F19BC200A0A539F6CDB273BDFAD304A65D
SHA-512:	643877BCEB2B0A74AF8B559B6060D30121FBC82B7AFBAF29BD62EC0985E3069F3434A1D6C0C29028188D98037DCABB1ADE1ABBBBDBAA895849D5DF620CD53151
Malicious:	false
Reputation:	low
Preview:	.... ......l...e...........n.........S.v.....`...n.l............,.D...j...F...~.......>.....N..............................................................................R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f:9d774e.519e.5:12.:777.77f78b4195c5\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b942817e28R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b94...._..F......nbjo0qbttxpse.svmft...w..s2.nbjo0qbttxpse.svmft.0cg9f6958.c121.534f.:679.f2ed88g9g319...._..F......nbjo0qbttxpse.svmft...w..s`.nbjo0qbttxpse.svmft.0113b2f6e.5dg7.5:65.96b:.6e1f8d1edbge...8U..4....0nbjo0qbttxp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	41232
Entropy (8bit):	6.1633016284669315
Encrypted:	false
SSDEEP:	768:w3sCJU3z3a3M3jWCq68FNNrnsrx4Nab6MhBHhap6Ul2R6jads1HDjeHhcHm91Hgc:w3S3z3a3M3Dqc1fBHhap6Ul2R6jam1Hq
MD5:	12243611887957CD32016FAA085F7143
SHA1:	B90F4FBF734307EBAA3DB1396DCF5AD8013567BF
SHA-256:	C0813A5EC2F4F3FE07312695A5BAFA789B1EBE6EFFAABCB0F486DD9BED4DB6A6
SHA-512:	B7361976D3FE37F020F254F68B0BCB8F7867C6229D56C2C4E28E8300D017B781C29F85A4FDB03DBDB1E939500F98D0F5634A813D8D1B4FEF0E52D367D73B9A81
Malicious:	false
Reputation:	low
Preview:	7....-..........R..`c...5x.e.Q.m........R..`c....L.kV.;..... ......l...e...........n.........S.v.....`...n.l............,.D...j...F...~.......>.....N..............................................................................R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f:9d774e.519e.5:12.:777.77f78b4195c5\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b942817e28R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b94...._..F......nbjo0qbttxpse.svmft...w..s2.nbjo0qbttxpse.svmft.0cg9f6958.c121.534f.:679.f2ed88g9g319...._..F......nbjo0qbttxpse.svmft...w..s`.nbjo0qbttxpse.svmft.0113b

/proc/6306/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6306/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/6306/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6337/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6337/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/6337/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6378/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6378/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/6378/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6442/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/6442/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/6442/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 20:59:51.495538950 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 20:59:57.130736113 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 20:59:57.894623995 CET	42516	80	192.168.2.23	109.202.202.202
Dec 27, 2024 21:00:03.345858097 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:03.345906019 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:03.345954895 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:03.348583937 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:03.348597050 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:03.797795057 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:03.797825098 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:03.797890902 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:03.800585032 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:03.800599098 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:04.657313108 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:04.657372952 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:04.769614935 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:04.769648075 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:04.769721031 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:04.769835949 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:04.769850969 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:04.769856930 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:04.769891024 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:05.106240988 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:05.106297016 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:05.106312037 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:05.106431961 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:05.106472015 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:05.106487989 CET	38690	443	192.168.2.23	34.160.144.191
Dec 27, 2024 21:00:05.106493950 CET	443	38690	34.160.144.191	192.168.2.23
Dec 27, 2024 21:00:05.346400023 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:05.346456051 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:05.400532007 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:05.400532007 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:05.400547028 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:05.400559902 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:05.400840998 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:05.400934935 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:05.400940895 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:05.401036978 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.322555065 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:06.322624922 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:06.322649002 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.322679043 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:06.322729111 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.322798014 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.328015089 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:06.328088999 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.328102112 CET	443	51228	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:06.328135014 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.328145981 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:06.328145981 CET	51228	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:12.228648901 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 21:00:14.880985975 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:14.881095886 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:14.881159067 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:14.892770052 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:14.892792940 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:16.568317890 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:16.568397999 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:16.618334055 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:16.618380070 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:16.618453026 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:16.618510962 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:16.618530989 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:16.618594885 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:16.619013071 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:16.619055033 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.177647114 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.177671909 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.177712917 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.177721024 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.177721024 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.177789927 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.177835941 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.177835941 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.177937031 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.177975893 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.178107023 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.178141117 CET	443	39906	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:18.178206921 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:18.178208113 CET	39906	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:20.451031923 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:20.451143026 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:20.451235056 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:20.474515915 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:20.474556923 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:21.090979099 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.091021061 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:21.091067076 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.101963997 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.101979971 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:21.132289886 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.132324934 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:21.132404089 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.137150049 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.137165070 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:21.168822050 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.168832064 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:21.168879032 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.173899889 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:21.173911095 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:21.734112978 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:21.734214067 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.000890970 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.000940084 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.001065016 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.001132965 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.001149893 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.001200914 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.005498886 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.047350883 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.065140009 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:22.065169096 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:22.065279007 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:22.075031996 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:22.075047970 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:22.388977051 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.389081001 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.389106035 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.389161110 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.389168978 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.428725958 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.428725958 CET	40896	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:22.428770065 CET	443	40896	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:22.765525103 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.765615940 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.766366005 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.766371965 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.766438007 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.766508102 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.784331083 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.784393072 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.801918983 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.801992893 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.819274902 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.819350958 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.820115089 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.820127964 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.820213079 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.820837021 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.888497114 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.888505936 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.888591051 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:22.888672113 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.949052095 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:22.995317936 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.229007006 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.229020119 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.229067087 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.229067087 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.229079962 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.229085922 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.229198933 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.229198933 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.229198933 CET	39910	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.229219913 CET	443	39910	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.284646034 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.284658909 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.284698009 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.284698009 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.284708023 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.289350986 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.289407015 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.300141096 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.300158978 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.300158978 CET	39914	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.300175905 CET	443	39914	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.347332001 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.394685030 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.394702911 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.394809961 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.394865036 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.394871950 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.394929886 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.400568008 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.447357893 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.722616911 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.722680092 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.722707987 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.722784996 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.722784996 CET	36562	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.722801924 CET	443	36562	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.839565039 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.839586020 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.839598894 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.839607000 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.839631081 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.839647055 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.839647055 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.839685917 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.946024895 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.946055889 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.946110964 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.949685097 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.949740887 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.949744940 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.949762106 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.949774027 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:23.949800014 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.949800014 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.953279972 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:23.953291893 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:23.953334093 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.953334093 CET	39912	443	192.168.2.23	104.47.55.156
Dec 27, 2024 21:00:23.953356028 CET	443	39912	104.47.55.156	192.168.2.23
Dec 27, 2024 21:00:24.514894009 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 21:00:25.212977886 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.213035107 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.213753939 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.213762045 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.213824987 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.213870049 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.261868000 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.303340912 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.665272951 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.665328026 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.665339947 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.665380955 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.665388107 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.665397882 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:25.665431976 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.685461044 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.685461044 CET	36566	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:25.685477018 CET	443	36566	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:26.389846087 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:26.389897108 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:26.389942884 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:26.394465923 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:26.394485950 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:27.508418083 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:27.508443117 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:27.508502007 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:27.512327909 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:27.512341976 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:27.658613920 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:27.659538031 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:27.709667921 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:27.709667921 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:27.709695101 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:27.709708929 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:27.709795952 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:27.709881067 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:27.709888935 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:27.709983110 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101027966 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101073980 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101099968 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101123095 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101145983 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101186037 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101190090 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101202011 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101238966 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101238966 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101248026 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101286888 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.101291895 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.101349115 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.109419107 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.109461069 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.118067980 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.118129015 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.118165970 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.118279934 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.126415968 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.126533985 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.220740080 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.220793009 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.220810890 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.220854044 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.220861912 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.220880032 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.220906019 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.223856926 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.223856926 CET	39322	443	192.168.2.23	34.117.121.53
Dec 27, 2024 21:00:28.223871946 CET	443	39322	34.117.121.53	192.168.2.23
Dec 27, 2024 21:00:28.610328913 CET	42516	80	192.168.2.23	109.202.202.202
Dec 27, 2024 21:00:28.686959028 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:28.686999083 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:28.687056065 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:28.692553043 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:28.692564964 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:28.829076052 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:28.829200029 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:28.830110073 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:28.830118895 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:28.830187082 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:28.830255032 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:28.893106937 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:28.935364008 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:29.340722084 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:29.340810061 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:29.340821981 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:29.366566896 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:29.366566896 CET	40914	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:29.366585970 CET	443	40914	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:29.949045897 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:29.949203968 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:29.950099945 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:29.950109959 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:29.950176954 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:29.950233936 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:34.056956053 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:34.056956053 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:34.057208061 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:34.057250023 CET	443	36572	34.149.100.209	192.168.2.23
Dec 27, 2024 21:00:34.057279110 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:34.057300091 CET	36572	443	192.168.2.23	34.149.100.209
Dec 27, 2024 21:00:39.375577927 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:39.375612020 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:39.375655890 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:39.384982109 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:39.384995937 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:40.641226053 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:40.641294003 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:40.642245054 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:40.642251968 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:40.642318010 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:40.642359972 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:40.650883913 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:40.695324898 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:41.148876905 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:41.148931026 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:41.148963928 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:41.169218063 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:41.169218063 CET	40918	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:00:41.169234991 CET	443	40918	34.107.243.93	192.168.2.23
Dec 27, 2024 21:00:53.183017015 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 21:01:01.183037996 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:01.183063984 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:01.183116913 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:01.194048882 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:01.194062948 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.408390045 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.408592939 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.409631968 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.409637928 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.409693003 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.409734011 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.418234110 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.459336042 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.901612043 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.901722908 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.901731014 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.901773930 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.901781082 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.901815891 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.901823044 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.919729948 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.919744015 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:02.919755936 CET	40920	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:02.919760942 CET	443	40920	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:43.059113979 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:43.059164047 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:43.059211016 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:43.075596094 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:43.075611115 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.287210941 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.287302971 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.288856983 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.288867950 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.288934946 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.288969994 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.298028946 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.343336105 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.782054901 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.782123089 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.782277107 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.806472063 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.806504011 CET	443	40922	34.107.243.93	192.168.2.23
Dec 27, 2024 21:01:44.806519985 CET	40922	443	192.168.2.23	34.107.243.93
Dec 27, 2024 21:01:44.806526899 CET	443	40922	34.107.243.93	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 21:00:02.972537041 CET	53628	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:02.972584009 CET	55099	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:03.173437119 CET	46073	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:03.173481941 CET	54049	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:03.310875893 CET	53	46073	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:03.314990044 CET	53	54049	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:08.817373037 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:09.164727926 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:09.164727926 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:09.787520885 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:09.787520885 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:09.909653902 CET	443	42460	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:09.909979105 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:10.110662937 CET	443	42460	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:10.218907118 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:10.218907118 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:10.233562946 CET	443	42460	13.107.138.10	192.168.2.23
Dec 27, 2024 21:00:10.233761072 CET	42460	443	192.168.2.23	13.107.138.10
Dec 27, 2024 21:00:14.443967104 CET	36894	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:14.444010973 CET	57322	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:14.813688993 CET	53	57322	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:14.815907001 CET	53	36894	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:19.429049015 CET	58793	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:19.429109097 CET	39500	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:20.202869892 CET	53	39500	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:20.202934980 CET	53	58793	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:20.279335976 CET	33282	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:20.416464090 CET	53	33282	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:21.148833036 CET	55769	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:21.285861969 CET	53	55769	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:21.731499910 CET	47410	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:21.731547117 CET	47037	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:21.868674994 CET	53	47037	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:21.868870020 CET	48398	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:21.870346069 CET	53	47410	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:22.006741047 CET	53	48398	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:23.343631983 CET	35188	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:23.480792999 CET	53	35188	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:25.762991905 CET	40443	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:25.763022900 CET	56722	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:25.983129025 CET	53	40443	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:26.195677996 CET	53	56722	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:26.195970058 CET	55974	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:26.333117008 CET	53	55974	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:27.460105896 CET	60221	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:27.597023964 CET	53	60221	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:35.730156898 CET	44846	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.730202913 CET	59968	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.730338097 CET	55165	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.730338097 CET	34147	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.755067110 CET	56741	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.755067110 CET	59387	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.867785931 CET	53	55165	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:35.869846106 CET	53	44846	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:35.869879007 CET	53	59968	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:35.876784086 CET	43158	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.876816034 CET	36715	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:35.892466068 CET	53	59387	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:35.893085003 CET	53	56741	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.014072895 CET	53	43158	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.014106989 CET	53	36715	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.022213936 CET	53	34147	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.056493044 CET	49387	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:36.056535959 CET	59480	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:36.063338995 CET	51239	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:36.063379049 CET	58899	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:36.194508076 CET	53	59480	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.194736958 CET	32894	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:36.196580887 CET	53	49387	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.200263023 CET	53	58899	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.200572968 CET	53	51239	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:36.398752928 CET	53	32894	1.1.1.1	192.168.2.23
Dec 27, 2024 21:00:39.363457918 CET	42898	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:00:39.500818014 CET	53	42898	1.1.1.1	192.168.2.23
Dec 27, 2024 21:01:01.168637037 CET	48226	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:01:01.306004047 CET	53	48226	1.1.1.1	192.168.2.23
Dec 27, 2024 21:01:42.916232109 CET	56361	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:01:42.916280031 CET	34026	53	192.168.2.23	1.1.1.1
Dec 27, 2024 21:01:43.054467916 CET	53	34026	1.1.1.1	192.168.2.23
Dec 27, 2024 21:01:43.055290937 CET	53	56361	1.1.1.1	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 27, 2024 21:00:02.972537041 CET	192.168.2.23	1.1.1.1	0xc85d	Standard query (0)	greensofttech1-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:02.972584009 CET	192.168.2.23	1.1.1.1	0x8d6e	Standard query (0)	greensofttech1-my.sharepoint.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:03.173437119 CET	192.168.2.23	1.1.1.1	0x7b80	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:03.173481941 CET	192.168.2.23	1.1.1.1	0xe584	Standard query (0)	content-signature-2.cdn.mozilla.net	28	IN (0x0001)	false
Dec 27, 2024 21:00:14.443967104 CET	192.168.2.23	1.1.1.1	0xc997	Standard query (0)	nam12.safelinks.protection.outlook.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:14.444010973 CET	192.168.2.23	1.1.1.1	0xd4f9	Standard query (0)	nam12.safelinks.protection.outlook.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:19.429049015 CET	192.168.2.23	1.1.1.1	0x27c1	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:19.429109097 CET	192.168.2.23	1.1.1.1	0x7fdd	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:20.279335976 CET	192.168.2.23	1.1.1.1	0x11dc	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:21.148833036 CET	192.168.2.23	1.1.1.1	0xb969	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:21.731499910 CET	192.168.2.23	1.1.1.1	0x7e1c	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:21.731547117 CET	192.168.2.23	1.1.1.1	0x110a	Standard query (0)	firefox.settings.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:21.868870020 CET	192.168.2.23	1.1.1.1	0x881	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 27, 2024 21:00:23.343631983 CET	192.168.2.23	1.1.1.1	0xd012	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 27, 2024 21:00:25.762991905 CET	192.168.2.23	1.1.1.1	0xc94b	Standard query (0)	firefox-settings-attachments.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:25.763022900 CET	192.168.2.23	1.1.1.1	0xa7a	Standard query (0)	firefox-settings-attachments.cdn.mozilla.net	28	IN (0x0001)	false
Dec 27, 2024 21:00:26.195970058 CET	192.168.2.23	1.1.1.1	0xace3	Standard query (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 27, 2024 21:00:27.460105896 CET	192.168.2.23	1.1.1.1	0x3dd7	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:35.730156898 CET	192.168.2.23	1.1.1.1	0x536f	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.730202913 CET	192.168.2.23	1.1.1.1	0xa513	Standard query (0)	www.wikipedia.org	28	IN (0x0001)	false
Dec 27, 2024 21:00:35.730338097 CET	192.168.2.23	1.1.1.1	0xd90e	Standard query (0)	www.example.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.730338097 CET	192.168.2.23	1.1.1.1	0x69e0	Standard query (0)	www.example.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:35.755067110 CET	192.168.2.23	1.1.1.1	0x4504	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.755067110 CET	192.168.2.23	1.1.1.1	0x927c	Standard query (0)	www.youtube.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:35.876784086 CET	192.168.2.23	1.1.1.1	0xbf9	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.876816034 CET	192.168.2.23	1.1.1.1	0x671e	Standard query (0)	www.facebook.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:36.056493044 CET	192.168.2.23	1.1.1.1	0xff7b	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.056535959 CET	192.168.2.23	1.1.1.1	0xb34c	Standard query (0)	www.reddit.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:36.063338995 CET	192.168.2.23	1.1.1.1	0x42f2	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.063379049 CET	192.168.2.23	1.1.1.1	0x933c	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 27, 2024 21:00:36.194736958 CET	192.168.2.23	1.1.1.1	0x20aa	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 27, 2024 21:00:39.363457918 CET	192.168.2.23	1.1.1.1	0x82d4	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:01:01.168637037 CET	192.168.2.23	1.1.1.1	0xf798	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 27, 2024 21:01:42.916232109 CET	192.168.2.23	1.1.1.1	0xfbc9	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:01:42.916280031 CET	192.168.2.23	1.1.1.1	0xd86a	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 27, 2024 21:00:03.310875893 CET	1.1.1.1	192.168.2.23	0x7b80	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.310875893 CET	1.1.1.1	192.168.2.23	0x7b80	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.310875893 CET	1.1.1.1	192.168.2.23	0x7b80	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:03.314990044 CET	1.1.1.1	192.168.2.23	0xe584	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.314990044 CET	1.1.1.1	192.168.2.23	0xe584	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.314990044 CET	1.1.1.1	192.168.2.23	0xe584	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	greensofttech1-my.sharepoint.com	greensofttech1.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	greensofttech1.sharepoint.com	96-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	96-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193246-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	193246-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193246-ipv4v6e.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	193246-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	dual-spo-0005.spo-msedge.net			28	IN (0x0001)	false
Dec 27, 2024 21:00:03.723140955 CET	1.1.1.1	192.168.2.23	0x8d6e	No error (0)	dual-spo-0005.spo-msedge.net			28	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	greensofttech1-my.sharepoint.com	greensofttech1.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	greensofttech1.sharepoint.com	96-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	96-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193246-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	193246-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193246-ipv4v6e.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	193246-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:03.745049953 CET	1.1.1.1	192.168.2.23	0xc85d	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:14.813688993 CET	1.1.1.1	192.168.2.23	0xd4f9	No error (0)	nam12.safelinks.protection.outlook.com	nam12.safelinks.eop-tm2.outlook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:14.813688993 CET	1.1.1.1	192.168.2.23	0xd4f9	No error (0)	nam12.safelinks.eop-tm2.outlook.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:14.813688993 CET	1.1.1.1	192.168.2.23	0xd4f9	No error (0)	nam12.safelinks.eop-tm2.outlook.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:14.813688993 CET	1.1.1.1	192.168.2.23	0xd4f9	No error (0)	nam12.safelinks.eop-tm2.outlook.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:14.815907001 CET	1.1.1.1	192.168.2.23	0xc997	No error (0)	nam12.safelinks.protection.outlook.com	nam12.safelinks.eop-tm2.outlook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:14.815907001 CET	1.1.1.1	192.168.2.23	0xc997	No error (0)	nam12.safelinks.eop-tm2.outlook.com		104.47.59.156	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:14.815907001 CET	1.1.1.1	192.168.2.23	0xc997	No error (0)	nam12.safelinks.eop-tm2.outlook.com		104.47.66.28	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:14.815907001 CET	1.1.1.1	192.168.2.23	0xc997	No error (0)	nam12.safelinks.eop-tm2.outlook.com		104.47.55.156	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:20.202934980 CET	1.1.1.1	192.168.2.23	0x27c1	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:21.299675941 CET	1.1.1.1	192.168.2.23	0xb6d1	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:21.868674994 CET	1.1.1.1	192.168.2.23	0x110a	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:21.870346069 CET	1.1.1.1	192.168.2.23	0x7e1c	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:21.870346069 CET	1.1.1.1	192.168.2.23	0x7e1c	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:23.341984987 CET	1.1.1.1	192.168.2.23	0xd241	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:23.341984987 CET	1.1.1.1	192.168.2.23	0xd241	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:23.343437910 CET	1.1.1.1	192.168.2.23	0x9e9e	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:25.983129025 CET	1.1.1.1	192.168.2.23	0xc94b	No error (0)	firefox-settings-attachments.cdn.mozilla.net	attachments.prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:25.983129025 CET	1.1.1.1	192.168.2.23	0xc94b	No error (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net		34.117.121.53	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:26.195677996 CET	1.1.1.1	192.168.2.23	0xa7a	No error (0)	firefox-settings-attachments.cdn.mozilla.net	attachments.prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:35.867785931 CET	1.1.1.1	192.168.2.23	0xd90e	No error (0)	www.example.com		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.869846106 CET	1.1.1.1	192.168.2.23	0x536f	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:35.869846106 CET	1.1.1.1	192.168.2.23	0x536f	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.869879007 CET	1.1.1.1	192.168.2.23	0xa513	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:35.869879007 CET	1.1.1.1	192.168.2.23	0xa513	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 27, 2024 21:00:35.892466068 CET	1.1.1.1	192.168.2.23	0x927c	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:35.892466068 CET	1.1.1.1	192.168.2.23	0x927c	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:35.892466068 CET	1.1.1.1	192.168.2.23	0x927c	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:35.892466068 CET	1.1.1.1	192.168.2.23	0x927c	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:35.892466068 CET	1.1.1.1	192.168.2.23	0x927c	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.21.46	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:35.893085003 CET	1.1.1.1	192.168.2.23	0x4504	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.014072895 CET	1.1.1.1	192.168.2.23	0xbf9	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:36.014072895 CET	1.1.1.1	192.168.2.23	0xbf9	No error (0)	star-mini.c10r.facebook.com		157.240.252.35	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.014106989 CET	1.1.1.1	192.168.2.23	0x671e	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:36.014106989 CET	1.1.1.1	192.168.2.23	0x671e	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:36.022213936 CET	1.1.1.1	192.168.2.23	0x69e0	No error (0)	www.example.com			28	IN (0x0001)	false
Dec 27, 2024 21:00:36.194508076 CET	1.1.1.1	192.168.2.23	0xb34c	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:36.196580887 CET	1.1.1.1	192.168.2.23	0xff7b	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:00:36.196580887 CET	1.1.1.1	192.168.2.23	0xff7b	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.196580887 CET	1.1.1.1	192.168.2.23	0xff7b	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.196580887 CET	1.1.1.1	192.168.2.23	0xff7b	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.196580887 CET	1.1.1.1	192.168.2.23	0xff7b	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:00:36.200572968 CET	1.1.1.1	192.168.2.23	0x42f2	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:01:43.055290937 CET	1.1.1.1	192.168.2.23	0xfbc9	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

content-signature-2.cdn.mozilla.net

greensofttech1-my.sharepoint.com

nam12.safelinks.protection.outlook.com

push.services.mozilla.com

https:

firefox.settings.services.mozilla.com

firefox-settings-attachments.cdn.mozilla.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	38690	34.160.144.191	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:04 UTC	509	OUT	GET /chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site If-Modified-Since: Sat, 31 Jul 2021 15:17:12 GMT If-None-Match: "8cfd2c8fe1fb0bc900759661d7a6ee89"
2024-12-27 20:00:05 UTC	190	IN	HTTP/1.1 304 Not Modified Date: Fri, 27 Dec 2024 19:04:13 GMT Age: 3351 ETag: "8cfd2c8fe1fb0bc900759661d7a6ee89" Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.23	51228	13.107.138.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:05 UTC	926	OUT	GET /:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d HTTP/1.1 Host: greensofttech1-my.sharepoint.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site
2024-12-27 20:00:06 UTC	3081	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 1169 Content-Type: text/html; charset=utf-8 Location: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8M [TRUNCATED] P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 8,16775936,1566,7187,12092793,16775936,16775936,57 X-SharePointHealthScore: 0 X-AspNet-Version: 4.0.30319 SPRequestDuration: 469 SPIisLatency: 4 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 14be71a1-f000-7000-6111-e2c8db3b2c2b request-id: 14be71a1-f000-7000-6111-e2c8db3b2c2b MS-CV: oXG+FADwAHBhEeLI2zssKw.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 647057773C1C4A06BF4F5C5A9B77DECE Ref B: EWR311000103029 Ref C: 2024-12-27T20:00:05Z Date: Fri, 27 Dec 2024 20:00:05 GMT Connection: close
2024-12-27 20:00:06 UTC	1135	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 61 6d 31 32 2e 73 61 66 65 6c 69 6e 6b 73 2e 70 72 6f 74 65 63 74 69 6f 6e 2e 6f 75 74 6c 6f 6f 6b 2e 63 6f 6d 2f 3f 75 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 67 72 65 65 6e 73 6f 66 74 74 65 63 68 31 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 25 32 46 25 33 41 66 25 33 41 25 32 46 67 25 32 46 70 65 72 73 6f 6e 61 6c 25 32 46 73 74 65 6c 6c 61 5f 68 75 61 6e 67 5f 67 72 65 65 6e 73 6f 66 74 74 65 63 68 31 5f 6f 6e 6d 69 63 72 6f 73 6f 66 74 5f 63 6f 6d 25 32 46 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2F
2024-12-27 20:00:06 UTC	34	IN	Data Raw: 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.23	39906	104.47.55.156	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:16 UTC	1434	OUT	GET /?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8MmQadD5bNehyQ%3D&reserved=0 HTTP/1.1 Host: nam12.safelinks.protection.outlook.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site
2024-12-27 20:00:18 UTC	613	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-SL-GetUrlReputation-Verdict: Bad X-Robots-Tag: noindex, nofollow X-AspNet-Version: 4.0.30319 X-ServerName: BN8NAM12WS060 X-ServerVersion: 15.20.8314.001 X-ServerLat: 1135 X-SafeLinks-Tracking-Id: 69bd1fd9-c84a-471d-2c65-08dd26b11582 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Date: Fri, 27 Dec 2024 20:00:17 GMT Connection: close Content-Length: 11537
2024-12-27 20:00:18 UTC	11537	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 44 65 66 65 6e 64 65 72 20 66 6f 72 20 4f 66 66 69 63 65 20 33 36 35 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 61 6d 65 2d 6f 72 69 67 69 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c Data Ascii: <!doctype html><html><head> <meta charset="UTF-8"> <title>Microsoft Defender for Office 365</title> <meta name="referrer" content="same-origin" /> <meta name="robots" content="noindex,nofollow" /> <link rel="icon" href="data:,

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.23	40896	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:22 UTC	604	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: +4v6YwZoRKHvWjeA8PJwWw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-12-27 20:00:22 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 27 Dec 2024 20:00:22 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 20:00:22 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.23	39910	104.47.55.156	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:22 UTC	1434	OUT	GET /Content/Scripts/safelinksv2.css HTTP/1.1 Host: nam12.safelinks.protection.outlook.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8Mm [TRUNCATED] Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin
2024-12-27 20:00:23 UTC	539	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Mon, 23 Dec 2024 08:19:22 GMT Accept-Ranges: bytes ETag: "0e1c05e1355db1:0" Server: Microsoft-IIS/10.0 X-ServerName: BN8NAM12WS008 X-ServerVersion: 15.20.8293.011 X-ServerLat: 0 X-SafeLinks-Tracking-Id: 7e86ef3d-8702-4a41-ebba-08dd26b11935 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Date: Fri, 27 Dec 2024 20:00:22 GMT Connection: close Content-Length: 3932
2024-12-27 20:00:23 UTC	3932	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0d 0a 2f 2a 20 43 53 53 20 44 6f 63 75 6d 65 6e 74 20 2a 2f 0d 0a 0d 0a 62 6f 64 79 7b 0d 0a 09 6d 61 72 67 69 6e 3a 30 70 78 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 64 69 76 7b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 0d 0a 7d 0d 0a 0d 0a 23 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 5f 63 6f 6e 74 61 69 6e 65 72 7b 0d 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 7d 0d 0a 0d 0a 23 69 63 6f 6e 20 69 6d 67 20 7b 0d 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 30 70 78 3b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 70 78 3b 0d 0a 7d 0d 0a 0d 0a 23 75 72 6c 20 7b 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f Data Ascii: @charset "UTF-8";/* CSS Document */body{margin:0px;padding:0px;}div{ text-align:left;}#recommendation_container{width:100%;}#icon img {margin-left: 40px;margin-top: 45px;}#url {height: 32px;background-co

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.23	39914	104.47.55.156	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:22 UTC	1412	OUT	GET /Content/Scripts/site.js HTTP/1.1 Host: nam12.safelinks.protection.outlook.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8Mm [TRUNCATED] Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin
2024-12-27 20:00:23 UTC	553	IN	HTTP/1.1 200 OK Content-Type: application/javascript Last-Modified: Thu, 26 Dec 2024 08:25:12 GMT Accept-Ranges: bytes ETag: "0e49bae6f57db1:0" Server: Microsoft-IIS/10.0 X-ServerName: BN8NAM12WS023 X-ServerVersion: 15.20.8314.001 X-ServerLat: 0 X-SafeLinks-Tracking-Id: 06dae83b-a519-4ecf-a5d7-08dd26b1193f X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Date: Fri, 27 Dec 2024 20:00:22 GMT Connection: close Content-Length: 1588
2024-12-27 20:00:23 UTC	1588	IN	Data Raw: 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 4f 6e 4c 6f 61 64 48 61 6e 64 6c 65 72 28 29 7b 0d 0a 09 69 66 20 28 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 6c 65 6e 67 74 68 20 3c 3d 20 31 29 20 7b 0d 0a 09 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 6c 6f 73 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 76 61 72 20 74 68 65 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a 74 72 79 20 7b 0d 0a 20 20 28 66 75 6e 63 74 69 6f 6e 20 28 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 20 73 74 72 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 21 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.23	39912	104.47.55.156	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:23 UTC	1423	OUT	GET /Content/images/cross.png HTTP/1.1 Host: nam12.safelinks.protection.outlook.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgreensofttech1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fstella_huang_greensofttech1_onmicrosoft_com%2FEuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A%3Fe%3DGhPegT&data=05%7C02%7Cmpuga%40hycite.com%7Cc0396baf71934c0d177d08dd13705d72%7Cfc5c68f697f34efeb689eb5c1234f821%7C0%7C0%7C638709264060840847%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTMyNDYiLCJGTGJsIjoiVVNfMjA4X0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6IjEyYmU3MWExLTgwZWYtNzAwMC02MTExLWU4ZDgyODhkMTg5NSIsIk1JZCI6Ijc3Mzc2MzAiLCJNTmFtZSI6IlVTUjE5MzI0Ni0yNDAiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IFVidW50dTsgTGludXggeDg2XzY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjAiLCJDSUQtT3JpZ2luIjoiU1BPIn19%7C1%7CYzAzOTZiYWYtNzE5My00YzBkLTE3N2QtMDhkZDEzNzA1ZDcy%7C6dd2cea9a5cf426dad8708dd26b10f0a%7C14be71a1f00070006111e2c8db3b2c2b&sdata=0R1IqC4YI94knkL4%2F2aQ3XbeMezol8Mm [TRUNCATED] Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin
2024-12-27 20:00:23 UTC	541	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Wed, 25 Dec 2024 08:17:18 GMT Accept-Ranges: bytes ETag: "07bab69a556db1:0" Server: Microsoft-IIS/10.0 X-ServerName: BN8NAM12WS032 X-ServerVersion: 15.20.8314.001 X-ServerLat: 0 X-SafeLinks-Tracking-Id: a7746227-9ba5-45f2-4d3b-08dd26b11980 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Date: Fri, 27 Dec 2024 20:00:22 GMT Connection: close Content-Length: 25664
2024-12-27 20:00:23 UTC	15843	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ba 00 00 00 c8 08 06 00 00 00 5f e4 fb 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b Data Ascii: PNGIHDR_;pHYs%%IR$OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
2024-12-27 20:00:23 UTC	9821	IN	Data Raw: 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.23	36562	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:23 UTC	525	OUT	GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site If-Modified-Since: Tue, 01 Jun 2021 14:28:23 GMT If-None-Match: "1622557703112"
2024-12-27 20:00:23 UTC	632	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 330 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: ETag, Backoff, Alert, Retry-After, Last-Modified, Expires, Content-Length, Pragma, Content-Type, Cache-Control X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 27 Dec 2024 19:43:36 GMT Age: 1007 Last-Modified: Mon, 02 Dec 2024 22:25:11 GMT ETag: "1733178311775" Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-12-27 20:00:23 UTC	330	IN	Data Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 37 66 33 32 37 36 39 64 36 62 62 34 65 38 37 35 66 35 38 63 65 62 39 65 32 66 62 66 64 63 39 62 64 36 62 38 32 33 39 37 65 63 61 37 61 34 63 35 32 33 30 62 30 37 38 36 65 36 38 66 31 37 39 38 22 2c 22 73 69 7a 65 22 3a 31 35 38 32 39 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 61 73 72 6f 75 74 65 72 2e 66 74 6c 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 6d 73 2d 6c 61 6e 67 75 61 67 65 2d 70 61 63 6b 73 2f 62 38 61 61 39 39 64 64 2d 62 32 62 36 2d 34 33 31 32 2d 38 63 34 30 2d 64 31 35 38 36 37 33 39 33 62 31 33 2e 66 74 6c 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 Data Ascii: {"permissions":{},"data":{"attachment":{"hash":"7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798","size":15829,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl","mimetype":"app

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.23	36566	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:25 UTC	335	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-12-27 20:00:25 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 27 Dec 2024 19:03:18 GMT Age: 3427 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-12-27 20:00:25 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 39 2e 33 2e 30 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 65 78 70 6c 69 63 69 74 5f 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 66 61 6c 73 65 2c 22 62 61 74 63 68 5f 6d Data Ascii: {"project_name":"Remote Settings PROD","project_version":"19.3.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"explicit_permissions":false,"batch_m
2024-12-27 20:00:25 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.23	39322	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:27 UTC	412	OUT	GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-12-27 20:00:28 UTC	687	IN	HTTP/1.1 200 OK x-goog-generation: 1733172985945667 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 15829 x-goog-hash: crc32c=Vecspg== x-goog-hash: md5=lsVC3sAW2ewezE3d/LqsZg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 15829 X-GUploader-UploadID: AFiumC7rHTYA4PqYZvo8Yde_xtxJ1rGUOgkzkFzuq8QgRJaqGdCR06WlTqsTx1xeW4VnCXbKCwRoSQ8 Server: UploadServer Date: Mon, 23 Dec 2024 22:34:38 GMT Cache-Control: public,max-age=604800 Age: 336349 Last-Modified: Mon, 02 Dec 2024 20:56:25 GMT ETag: "96c542dec016d9ec1ecc4dddfcbaac66" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-12-27 20:00:28 UTC	703	IN	Data Raw: 23 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 23 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 23 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 23 23 20 54 68 65 73 65 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 75 73 65 64 20 61 73 20 68 65 61 64 69 6e 67 73 20 69 6e 20 74 68 65 20 72 65 63 6f 6d 6d 65 6e 64 Data Ascii: # This Source Code Form is subject to the terms of the Mozilla Public# License, v. 2.0. If a copy of the MPL was not distributed with this# file, You can obtain one at http://mozilla.org/MPL/2.0/.## These messages are used as headings in the recommend
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 6e 65 76 65 72 2d 73 68 6f 77 2d 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 20 3d 20 44 6f 6e e2 80 99 74 20 53 68 6f 77 20 4d 65 20 54 68 69 73 20 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 6c 65 61 72 6e 2d 6d 6f 72 65 2d 6c 69 6e 6b 20 3d 20 4c 65 61 72 6e 20 6d 6f 72 65 0a 0a 23 20 54 68 69 73 20 73 74 72 69 6e 67 20 69 73 20 75 73 65 64 20 6f 6e 20 61 20 6e 65 77 20 6c 69 6e 65 20 62 65 6c 6f 77 20 74 68 65 20 61 64 64 2d 6f 6e 20 6e 61 6d 65 0a 23 20 56 61 72 69 61 62 6c 65 73 3a 0a 23 20 20 20 24 6e 61 6d 65 20 28 53 74 72 69 6e 67 29 20 2d 20 41 64 64 2d 6f 6e 20 61 75 74 68 Data Ascii: nger-extension-never-show-recommendation = Dont Show Me This Recommendation .accesskey = Scfr-doorhanger-extension-learn-more-link = Learn more# This string is used on a new line below the add-on name# Variables:# $name (String) - Add-on auth
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 74 61 6c 20 7d 20 73 74 61 72 73 0a 20 20 20 20 7d 0a 23 20 56 61 72 69 61 62 6c 65 73 3a 0a 23 20 20 20 24 74 6f 74 61 6c 20 28 4e 75 6d 62 65 72 29 20 2d 20 54 68 65 20 74 6f 74 61 6c 20 6e 75 6d 62 65 72 20 6f 66 20 75 73 65 72 73 20 75 73 69 6e 67 20 74 68 65 20 61 64 64 2d 6f 6e 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 74 6f 74 61 6c 2d 75 73 65 72 73 20 3d 0a 20 20 7b 20 24 74 6f 74 61 6c 20 2d 3e 0a 20 20 20 20 20 20 5b 6f 6e 65 5d 20 7b 20 24 74 6f 74 61 6c 20 7d 20 75 73 65 72 0a 20 20 20 20 20 2a 5b 6f 74 68 65 72 5d 20 7b 20 24 74 6f 74 61 6c 20 7d 20 75 73 65 72 73 0a 20 20 7d 0a 0a 23 23 20 46 69 72 65 66 6f 78 20 41 63 63 6f 75 6e 74 73 20 4d 65 73 73 61 67 65 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 Data Ascii: tal } stars }# Variables:# $total (Number) - The total number of users using the add-oncfr-doorhanger-extension-total-users = { $total -> [one] { $total } user *[other] { $total } users }## Firefox Accounts Messagecfr-doorhange
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 20 7d 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 6d 69 6c 65 73 74 6f 6e 65 2d 6f 6b 2d 62 75 74 74 6f 6e 20 3d 20 53 65 65 20 41 6c 6c 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 6d 69 6c 65 73 74 6f 6e 65 2d 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 20 3d 20 43 6c 6f 73 65 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 43 0a 0a 23 23 20 44 4f 48 20 4d 65 73 73 61 67 65 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 64 6f 68 2d 62 6f 64 79 20 3d 20 59 6f 75 72 20 70 72 69 76 61 63 79 20 6d 61 74 74 65 72 73 2e 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 20 6e 6f 77 20 73 65 63 75 72 65 6c 79 20 72 6f 75 74 65 73 20 79 6f 75 72 20 44 4e 53 20 72 65 71 75 65 73 74 73 20 77 68 Data Ascii: }cfr-doorhanger-milestone-ok-button = See All .accesskey = Scfr-doorhanger-milestone-close-button = Close .accesskey = C## DOH Messagecfr-doorhanger-doh-body = Your privacy matters. { -brand-short-name } now securely routes your DNS requests wh
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 70 20 6b 65 65 70 20 79 6f 75 20 70 72 6f 74 65 63 74 65 64 20 77 68 65 6e 20 62 72 6f 77 73 69 6e 67 20 69 6e 20 70 75 62 6c 69 63 20 70 6c 61 63 65 73 20 6c 69 6b 65 20 61 69 72 70 6f 72 74 73 20 61 6e 64 20 63 6f 66 66 65 65 20 73 68 6f 70 73 2e 0a 73 70 6f 74 6c 69 67 68 74 2d 70 75 62 6c 69 63 2d 77 69 66 69 2d 76 70 6e 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 53 74 61 79 20 70 72 69 76 61 74 65 20 77 69 74 68 20 7b 20 2d 6d 6f 7a 69 6c 6c 61 2d 76 70 6e 2d 62 72 61 6e 64 2d 6e 61 6d 65 20 7d 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 73 70 6f 74 6c 69 67 68 74 2d 70 75 62 6c 69 63 2d 77 69 66 69 2d 76 70 6e 2d 6c 69 6e 6b 20 3d 20 4e 6f 74 20 4e 6f 77 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 4e 0a 0a 23 23 20 45 6d 6f Data Ascii: p keep you protected when browsing in public places like airports and coffee shops.spotlight-public-wifi-vpn-primary-button = Stay private with { -mozilla-vpn-brand-name } .accesskey = Sspotlight-public-wifi-vpn-link = Not Now .accesskey = N## Emo
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 70 72 69 76 61 74 65 2e 20 46 65 77 65 72 20 74 72 61 63 6b 65 72 73 2e 20 4e 6f 20 63 6f 6d 70 72 6f 6d 69 73 65 73 2e 0a 6d 72 32 30 32 32 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 75 70 64 61 74 65 2d 74 6f 61 73 74 2d 74 65 78 74 20 3d 20 54 72 79 20 74 68 65 20 6e 65 77 65 73 74 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 20 6e 6f 77 2c 20 75 70 67 72 61 64 65 64 20 77 69 74 68 20 6f 75 72 20 73 74 72 6f 6e 67 65 73 74 20 61 6e 74 69 2d 74 72 61 63 6b 69 6e 67 20 70 72 6f 74 65 63 74 69 6f 6e 20 79 65 74 2e 0a 0a 23 20 54 68 69 73 20 62 75 74 74 6f 6e 20 6c 61 62 65 6c 20 77 69 6c 6c 20 62 65 20 66 69 74 74 65 64 20 69 6e 74 6f 20 61 20 6e 61 72 72 6f 77 20 66 69 78 65 64 2d 77 69 64 74 68 20 62 75 74 74 6f 6e 20 62 79 0a 23 20 57 69 Data Ascii: private. Fewer trackers. No compromises.mr2022-background-update-toast-text = Try the newest { -brand-short-name } now, upgraded with our strongest anti-tracking protection yet.# This button label will be fitted into a narrow fixed-width button by# Wi
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 76 69 6e 67 20 79 6f 75 20 73 61 66 65 2c 20 73 70 65 65 64 79 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 67 6f 6f 64 20 69 6e 74 65 72 6e 65 74 2e 0a 6a 75 6c 79 2d 6a 61 6d 2d 73 65 74 2d 64 65 66 61 75 6c 74 2d 70 72 69 6d 61 72 79 20 3d 20 4f 70 65 6e 20 6d 79 20 6c 69 6e 6b 73 20 77 69 74 68 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 0a 66 6f 78 2d 64 6f 6f 64 6c 65 2d 70 69 6e 2d 68 65 61 64 6c 69 6e 65 20 3d 20 57 65 6c 63 6f 6d 65 20 62 61 63 6b 0a 0a 23 20 e2 80 9c 69 6e 64 69 65 e2 80 9d 20 69 73 20 73 68 6f 72 74 20 66 6f 72 20 74 68 65 20 74 65 72 6d 20 e2 80 9c 69 6e 64 65 70 65 6e 64 65 6e 74 e2 80 9d 2e 0a 23 20 49 6e 20 74 68 69 73 20 69 6e 73 74 61 6e 63 65 2c 20 66 72 65 65 20 66 72 6f 6d 20 6f 75 74 73 69 64 65 Data Ascii: ving you safe, speedy access to the good internet.july-jam-set-default-primary = Open my links with { -brand-short-name }fox-doodle-pin-headline = Welcome back# indie is short for the term independent.# In this instance, free from outside
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 74 65 63 74 65 64 20 61 63 72 6f 73 73 20 61 6c 6c 20 79 6f 75 72 20 64 65 76 69 63 65 73 2e 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 68 65 61 76 79 2d 75 73 65 72 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 47 65 74 20 73 74 61 72 74 65 64 0a 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 6f 6c 64 65 72 2d 64 65 76 69 63 65 2d 68 65 61 64 65 72 20 3d 20 50 65 61 63 65 20 6f 66 20 6d 69 6e 64 2c 20 66 72 6f 6d 20 7b 20 2d 62 72 61 6e 64 2d 70 72 6f 64 75 63 74 2d 6e 61 6d 65 20 7d 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 6f 6c 64 65 72 2d 64 65 76 69 63 65 2d 62 6f 64 79 20 3d 20 41 6e 20 Data Ascii: tected across all your devices.device-migration-fxa-spotlight-heavy-user-primary-button = Get starteddevice-migration-fxa-spotlight-older-device-header = Peace of mind, from { -brand-product-name }device-migration-fxa-spotlight-older-device-body = An
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 61 64 20 61 6e 64 20 65 64 69 74 20 50 44 46 73 20 73 61 76 65 64 20 74 6f 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 2e 0a 70 64 66 2d 64 65 66 61 75 6c 74 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 73 65 74 2d 64 65 66 61 75 6c 74 2d 62 75 74 74 6f 6e 20 3d 0a 20 20 20 20 2e 6c 61 62 65 6c 20 3d 20 53 65 74 20 61 73 20 64 65 66 61 75 6c 74 0a 70 64 66 2d 64 65 66 61 75 6c 74 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 64 65 63 6c 69 6e 65 2d 62 75 74 74 6f 6e 20 3d 0a 20 20 20 20 2e 6c 61 62 65 6c 20 3d 20 4e 6f 74 20 6e 6f 77 0a 0a 23 23 20 4c 61 75 6e 63 68 20 6f 6e 20 6c 6f 67 69 6e 20 69 6e 66 6f 62 61 72 20 6e 6f 74 69 66 69 63 61 74 69 6f 6e 0a 0a 6c 61 75 6e 63 68 2d 6f 6e 2d 6c 6f 67 69 6e 2d 69 6e 66 6f 62 61 72 2d 6d 65 73 73 61 67 65 20 3d 20 3c Data Ascii: ad and edit PDFs saved to your computer.pdf-default-notification-set-default-button = .label = Set as defaultpdf-default-notification-decline-button = .label = Not now## Launch on login infobar notificationlaunch-on-login-infobar-message = <
2024-12-27 20:00:28 UTC	1390	IN	Data Raw: 69 67 68 74 2d 74 69 74 6c 65 20 3d 20 4b 65 65 70 20 70 65 73 6b 79 20 74 72 61 63 6b 65 72 73 20 6f 66 66 20 79 6f 75 72 20 74 61 69 6c 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67 68 74 2d 73 75 62 74 69 74 6c 65 20 3d 20 53 61 79 20 67 6f 6f 64 62 79 65 20 74 6f 20 61 6e 6e 6f 79 69 6e 67 20 61 64 20 74 72 61 63 6b 65 72 73 20 61 6e 64 20 73 65 74 74 6c 65 20 69 6e 74 6f 20 61 20 73 61 66 65 72 2c 20 73 70 65 65 64 79 20 69 6e 74 65 72 6e 65 74 20 65 78 70 65 72 69 65 6e 63 65 2e 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67 68 74 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 4f 70 65 6e 20 6d 79 20 6c 69 6e 6b 73 20 77 69 74 68 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f Data Ascii: ight-title = Keep pesky trackers off your tailtail-fox-spotlight-subtitle = Say goodbye to annoying ad trackers and settle into a safer, speedy internet experience.tail-fox-spotlight-primary-button = Open my links with { -brand-short-name }tail-fox-spo

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.23	40914	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:28 UTC	604	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: fNkynAcoXL1nqDaAMZdXcw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-12-27 20:00:29 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 27 Dec 2024 20:00:28 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 20:00:29 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.23	40918	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:00:40 UTC	604	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: kkR/WlV4bMXDcjrvbUwjDA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-12-27 20:00:41 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 27 Dec 2024 20:00:40 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 20:00:41 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.23	40920	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:01:02 UTC	604	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: AXO+7g6SZ80EYYIz718hOA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-12-27 20:01:02 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 27 Dec 2024 20:01:02 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 20:01:02 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.23	40922	34.107.243.93	443

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:01:44 UTC	604	OUT	GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: xZuka8t7/9N1p9BzdioTzA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket
2024-12-27 20:01:44 UTC	220	IN	HTTP/1.1 500 Internal Server Error Content-Length: 81 content-type: application/json date: Fri, 27 Dec 2024 20:01:44 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 20:01:44 UTC	81	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}

System Behavior

Analysis Process: exo-open PID: 6249, Parent PID: 6236

General

Start time (UTC):	19:59:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/exo-open
Arguments:	exo-open https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d
File size:	27264 bytes
MD5 hash:	60a307a6a6325e2034eb5cc56bff1abd

Chronological Activities

Analysis Process: exo-open PID: 6250, Parent PID: 6249

General

Start time (UTC):	19:59:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/exo-open
Arguments:	-
File size:	27264 bytes
MD5 hash:	60a307a6a6325e2034eb5cc56bff1abd

Chronological Activities

Analysis Process: exo-open PID: 6251, Parent PID: 6250

General

Start time (UTC):	19:59:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/exo-open
Arguments:	-
File size:	27264 bytes
MD5 hash:	60a307a6a6325e2034eb5cc56bff1abd

Chronological Activities

Analysis Process: exo-helper-2 PID: 6251, Parent PID: 1860

General

Start time (UTC):	19:59:50
Start date (UTC):	27/12/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 --launch WebBrowser https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d
File size:	80256 bytes
MD5 hash:	ab59c8990baa7254463cdf800a83b9e3

Chronological Activities

Analysis Process: exo-helper-2 PID: 6252, Parent PID: 6251

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2
Arguments:	-
File size:	80256 bytes
MD5 hash:	ab59c8990baa7254463cdf800a83b9e3

Chronological Activities

Analysis Process: sensible-browser PID: 6252, Parent PID: 6251

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/bin/sensible-browser
Arguments:	/usr/bin/sensible-browser https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sensible-browser PID: 6253, Parent PID: 6252

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/bin/sensible-browser
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: which PID: 6253, Parent PID: 6252

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/bin/which
Arguments:	which sensible-browser
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: x-www-browser PID: 6252, Parent PID: 6251

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/bin/x-www-browser
Arguments:	/usr/bin/x-www-browser https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: x-www-browser PID: 6254, Parent PID: 6252

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/bin/x-www-browser
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: which PID: 6254, Parent PID: 6252

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/bin/which
Arguments:	which /usr/bin/x-www-browser
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: firefox PID: 6252, Parent PID: 6251

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6256, Parent PID: 6252

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Analysis Process: firefox PID: 6257, Parent PID: 6252

General

Start time (UTC):	19:59:51
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6275, Parent PID: 6252

General

Start time (UTC):	19:59:53
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: lsb_release PID: 6275, Parent PID: 6252

General

Start time (UTC):	19:59:53
Start date (UTC):	27/12/2024
Path:	/usr/bin/lsb_release
Arguments:	/usr/bin/lsb_release -idrc
File size:	5490352 bytes
MD5 hash:	69f442c3e33b5f9a66b722c29ad89435

Chronological Activities

Analysis Process: firefox PID: 6297, Parent PID: 6252

General

Start time (UTC):	19:59:56
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: dbus-launch PID: 6297, Parent PID: 6252

General

Start time (UTC):	19:59:56
Start date (UTC):	27/12/2024
Path:	/usr/bin/dbus-launch
Arguments:	dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
File size:	34960 bytes
MD5 hash:	0b22a45154a51c6121bb1d208d8ab203

Chronological Activities

Analysis Process: firefox PID: 6306, Parent PID: 6252

General

Start time (UTC):	19:59:56
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6308, Parent PID: 6306

General

Start time (UTC):	19:59:56
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6306, Parent PID: 6252

General

Start time (UTC):	19:59:56
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -parentBuildID 20210816143654 -prefsLen 1 -prefMapSize 238647 -appdir /usr/lib/firefox/browser 6252 true socket
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6337, Parent PID: 6252

General

Start time (UTC):	19:59:58
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6341, Parent PID: 6337

General

Start time (UTC):	19:59:58
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6337, Parent PID: 6252

General

Start time (UTC):	19:59:58
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 188 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6252 true tab
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6378, Parent PID: 6252

General

Start time (UTC):	20:00:03
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6380, Parent PID: 6378

General

Start time (UTC):	20:00:03
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6378, Parent PID: 6252

General

Start time (UTC):	20:00:03
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 5251 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6252 true tab
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6442, Parent PID: 6252

General

Start time (UTC):	20:00:19
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6444, Parent PID: 6442

General

Start time (UTC):	20:00:19
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Chronological Activities

Analysis Process: firefox PID: 6442, Parent PID: 6252

General

Start time (UTC):	20:00:19
Start date (UTC):	27/12/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 5982 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6252 true tab
File size:	736648 bytes
MD5 hash:	bf9680bcd223dba6b6e38b63bc4f73d7

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Process Tree

Yara Signatures

Dropped Files

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/saturnino/.cache/dconf/user

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/0D2746162CF9693A6244B4819CF2FB1C4335D110

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/19F3C9BFFFB226064E4C7D82B0316E390EE79530

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/254256B27E0C48CF9B80B695F0B3B8CA84610495

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/2EB498719AE24260CCB27F5835DFD94AE777B4CB

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/37373F56CBD822F5FCF64BA01E1320A0924D8460

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/47E041953657F70771DE09976C57A333DEDC4408

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/85B78A1A718FD71B967FD9E87FAC8B490506EBCE

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/8FE5899A52ED3FA53CC6B76C120A9E60856D9A07

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/B3F6EC0DC12711CC1E5D30B917A3B5BFB83A5800

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/F8CBD54DDA10F4286A41EC6A537240712D6C2308

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/settings/main/ms-language-packs/asrouter.ftl.tmp

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-child-new.bin

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-new.bin

/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/urlCache-new.bin

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/addonStartup.json.lz4.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/broadcast-listeners.json.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/cert9.db

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/cert9.db-journal

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/crashes/store.json.mozlz4.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/aborted-session-ping.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/db/data.safe.bin

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/tmp/a5f7d124-2a4b-4e86-9504-468bc4cb89a7

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/session-state.json.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/state.json.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/extensions.json.tmp

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/key4.db

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/key4.db-journal

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/places.sqlite-wal

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/prefs-1.js

/home/saturnino/.mozilla/firefox/a3xevaya.default-release/search.json.mozlz4