Analysis Overview
Threat Level: Likely benign
The file http://dllgen.z91658n8.beget.tech/ was found to be: Likely benign.
Malicious Activity Summary
Changes its process name
Checks CPU configuration
Reads CPU attributes
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-19 02:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-19 02:00
Reported
2024-05-19 02:00
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
27s
Max time network
32s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/1494/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/103 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/111 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1454/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/nautilus | N/A |
| File opened for reading | /proc/self/fd/78 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /proc/1515/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/102 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/fd/60 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1614/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/125 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/131 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/132 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1671/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/79 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1646/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/136 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1712/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1454/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/57 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1575/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/134 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1542/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/140 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1496/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1400/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/32 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1519/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1547/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/142 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/1552/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/129 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1500/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1663/stat | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://dllgen.z91658n8.beget.tech/]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab http://dllgen.z91658n8.beget.tech/]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {b290c9b7-f659-4e06-9853-cffd368a794a} 1400 true socket]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20206 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f72abe93-1925-4f8c-aac6-25884172f6aa} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28966 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {bd05e754-ba84-4d34-af43-f6a6cb778818} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 28966 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {2f47ba84-621e-473c-bd7d-9c5c747a8e8c} 1400 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {5834f039-6f12-4240-aa08-01d389908353} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {17c6f88b-42d3-48bc-99c3-d59f2cf2a682} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {4e09ead9-620b-4366-915b-89bc41413fc8} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {08dbafa3-dd8b-440a-85a6-67a5ffc04dd8} 1400 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | dllgen.z91658n8.beget.tech | udp |
| US | 1.1.1.1:53 | dllgen.z91658n8.beget.tech | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.241.205.248:443 | location.services.mozilla.com | tcp |
| RU | 185.50.25.57:80 | dllgen.z91658n8.beget.tech | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | tapcontrol.ru | udp |
| US | 1.1.1.1:53 | tapcontrol.ru | udp |
| NL | 5.61.58.247:80 | tapcontrol.ru | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.230.111.112:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tapcontrol.ru | udp |
| NL | 5.61.58.247:80 | tapcontrol.ru | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | p457312.clksite.com | udp |
| US | 1.1.1.1:53 | p457312.clksite.com | udp |
| US | 1.1.1.1:53 | pl19098504.highrevenuegate.com | udp |
| US | 1.1.1.1:53 | pl19098504.highrevenuegate.com | udp |
| US | 1.1.1.1:53 | bbckdl.mfcewkrob.com | udp |
| US | 1.1.1.1:53 | promotionnecessity.com | udp |
| US | 1.1.1.1:53 | bbckdl.mfcewkrob.com | udp |
| US | 1.1.1.1:53 | promotionnecessity.com | udp |
| US | 1.1.1.1:53 | ads.people-group.net | udp |
| US | 1.1.1.1:53 | ads.people-group.net | udp |
| US | 1.1.1.1:53 | inquiryclank.com | udp |
| US | 1.1.1.1:53 | inquiryclank.com | udp |
| US | 1.1.1.1:53 | push.multibux.org | udp |
| US | 1.1.1.1:53 | push.multibux.org | udp |
| US | 1.1.1.1:53 | multibux.org | udp |
| US | 1.1.1.1:53 | multibux.org | udp |
| US | 1.1.1.1:53 | v.visitweb.com | udp |
| US | 1.1.1.1:53 | steaser.ru | udp |
| US | 1.1.1.1:53 | steaser.ru | udp |
| US | 1.1.1.1:53 | ladnova.info | udp |
| US | 1.1.1.1:53 | ladnova.info | udp |
| US | 172.67.131.94:80 | multibux.org | tcp |
| US | 104.21.3.245:80 | multibux.org | tcp |
| RU | 185.50.25.57:80 | dllgen.z91658n8.beget.tech | tcp |
| FI | 95.217.100.37:80 | ads.people-group.net | tcp |
| US | 1.1.1.1:53 | shinasi.info | udp |
| US | 1.1.1.1:53 | shinasi.info | udp |
| NL | 95.211.222.152:80 | bbckdl.mfcewkrob.com | tcp |
| NL | 95.211.222.152:80 | bbckdl.mfcewkrob.com | tcp |
| US | 1.1.1.1:53 | linkslot.ru | udp |
| US | 1.1.1.1:53 | linkslot.ru | udp |
| NL | 95.211.222.152:80 | bbckdl.mfcewkrob.com | tcp |
| US | 1.1.1.1:53 | govbusi.info | udp |
| US | 1.1.1.1:53 | govbusi.info | udp |
| NL | 206.54.181.250:80 | ladnova.info | tcp |
| US | 1.1.1.1:53 | incyclemarketing.com | udp |
| US | 1.1.1.1:53 | incyclemarketing.com | udp |
| US | 52.116.53.147:80 | p457312.clksite.com | tcp |
| US | 52.116.53.147:80 | p457312.clksite.com | tcp |
| US | 52.116.53.147:80 | p457312.clksite.com | tcp |
| US | 52.116.53.147:80 | p457312.clksite.com | tcp |
| US | 52.116.53.147:80 | p457312.clksite.com | tcp |
| US | 52.116.53.147:80 | p457312.clksite.com | tcp |
| US | 1.1.1.1:53 | taz.mfcewkrob.com | udp |
| US | 1.1.1.1:53 | taz.mfcewkrob.com | udp |
| US | 192.243.61.225:80 | inquiryclank.com | tcp |
| US | 199.59.243.225:443 | shinasi.info | tcp |
| US | 1.1.1.1:53 | dllgen.disqus.com | udp |
| US | 1.1.1.1:53 | dllgen.disqus.com | udp |
| US | 199.59.243.225:443 | shinasi.info | tcp |
| US | 1.1.1.1:53 | v.visitweb.com | udp |
| US | 1.1.1.1:53 | prod.disqus.map.fastlylb.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 199.232.196.134:80 | dllgen.disqus.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| RU | 91.227.16.12:443 | steaser.ru | tcp |
| RU | 91.227.16.12:443 | steaser.ru | tcp |
| RU | 91.227.16.12:443 | steaser.ru | tcp |
| NL | 95.211.222.167:80 | taz.mfcewkrob.com | tcp |
| NL | 206.54.181.250:80 | ladnova.info | tcp |
| US | 172.67.223.195:443 | linkslot.ru | tcp |
| US | 199.250.197.88:443 | incyclemarketing.com | tcp |
| US | 192.243.61.227:80 | inquiryclank.com | tcp |
| US | 172.240.108.68:80 | inquiryclank.com | tcp |
| US | 172.240.108.68:80 | inquiryclank.com | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 1.1.1.1:53 | myckdom.com | udp |
| US | 1.1.1.1:53 | myckdom.com | udp |
| US | 52.117.247.211:443 | myckdom.com | tcp |
| US | 52.117.247.211:443 | myckdom.com | tcp |
| US | 52.117.247.211:443 | myckdom.com | tcp |
| US | 52.117.247.211:443 | myckdom.com | tcp |
| US | 52.117.247.211:443 | myckdom.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 52.117.247.211:443 | myckdom.com | tcp |
| US | 199.232.196.134:443 | dllgen.disqus.com | tcp |
| US | 172.67.223.195:443 | linkslot.ru | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 1.1.1.1:53 | goomaphy.com | udp |
| US | 1.1.1.1:53 | goomaphy.com | udp |
| NL | 139.45.197.239:80 | goomaphy.com | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| FI | 95.217.100.37:80 | ads.people-group.net | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 1.1.1.1:53 | eutklckedlks.xyz | udp |
| US | 1.1.1.1:53 | eutklckedlks.xyz | udp |
| NL | 139.45.197.156:443 | eutklckedlks.xyz | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| FI | 95.217.100.37:80 | ads.people-group.net | tcp |
| US | 1.1.1.1:53 | ads.people-group.net | udp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 1.1.1.1:53 | www.people-group.net | udp |
| US | 1.1.1.1:53 | www.people-group.net | udp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| US | 69.16.230.42:80 | govbusi.info | tcp |
| US | 1.1.1.1:53 | ads.people-group.net | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | thoohizoogli.xyz | udp |
| US | 1.1.1.1:53 | thoohizoogli.xyz | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| NL | 139.45.197.151:443 | thoohizoogli.xyz | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| NL | 139.45.197.151:443 | thoohizoogli.xyz | tcp |
| US | 1.1.1.1:53 | www.people-group.net | udp |
| FI | 95.217.100.37:443 | www.people-group.net | tcp |
| US | 1.1.1.1:53 | 0yt92ybt47qm.puscomosca.com | udp |
| US | 1.1.1.1:53 | 0yt92ybt47qm.puscomosca.com | udp |
| US | 104.21.3.245:443 | multibux.org | tcp |
| US | 172.67.131.94:443 | multibux.org | tcp |
| US | 1.1.1.1:53 | v.visitweb.com | udp |
| NL | 83.149.126.87:80 | 0yt92ybt47qm.puscomosca.com | tcp |
| US | 104.21.3.245:443 | multibux.org | udp |
| US | 104.21.3.245:80 | multibux.org | tcp |
| US | 172.67.131.94:443 | multibux.org | udp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| US | 1.1.1.1:53 | www.people-group.net | udp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| US | 1.1.1.1:53 | st.top100.ru | udp |
| US | 1.1.1.1:53 | st.top100.ru | udp |
| FI | 95.217.100.37:80 | www.people-group.net | tcp |
| RU | 81.19.89.17:80 | st.top100.ru | tcp |
| US | 1.1.1.1:53 | help.people-group.net | udp |
| US | 1.1.1.1:53 | help.people-group.net | udp |
| US | 1.1.1.1:53 | people-group.net | udp |
| FI | 95.217.100.37:80 | help.people-group.net | tcp |
Files
/root/.cache/dconf/user
| MD5 | c4103f122d27677c9db144cae1394a66 |
| SHA1 | 1489f923c4dca729178b3e3233458550d8dddf29 |
| SHA256 | 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 |
| SHA512 | 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54 |