Analysis Overview
Threat Level: Known bad
The file https://github.com/MalwareSamples/Linux-Malware-Samples was found to be: Known bad.
Malicious Activity Summary
XMRig Miner payload
xmrig
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Changes its process name
Checks CPU configuration
Reads CPU attributes
Reads runtime system information
Writes file to tmp directory
Enumerates kernel/hardware configuration
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-19 10:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-19 10:12
Reported
2024-05-19 10:42
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
1799s
Max time network
1733s
Command Line
Signatures
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
xmrig
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a | /root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/84 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/fd/70 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/112 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1424/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /proc/self/fd/12 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1810/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1589/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-daemon | N/A |
| File opened for reading | /proc/self/fd/114 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/117 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1720/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/task/1519/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/1617/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/113 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/123 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1578/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/66 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1737/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1808/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1573/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1650/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/cmdline | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1408/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1408/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/2019/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1939/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1692/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1515/root | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-afc-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/111 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/XvgxNs7O | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/mozilla-temp-1074305642 | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://github.com/MalwareSamples/Linux-Malware-Samples]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://github.com/MalwareSamples/Linux-Malware-Samples]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://github.com/MalwareSamples/Linux-Malware-Samples]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {dde417a7-69a8-4e41-8881-8d5308f21499} 1515 true socket]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20271 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {17e0997f-949c-4dcf-bad8-9780181390d7} 1515 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28891 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {a2abb816-062e-45ac-b7f4-faf5ad56ce05} 1515 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 30012 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {4bbf7138-9678-425d-adb3-85dd7256c984} 1515 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 27292 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f679fae1-ecba-405b-b201-b678d850ec9b} 1515 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27292 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {3f9cd6c6-9820-4879-a1f3-34af15ca753c} 1515 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27292 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {fb076ee9-31b6-4915-b02f-f74e1cf5947e} 1515 true tab]
/root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a
[/root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a file:///root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 33763 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {b0476097-a1f1-49cf-b99c-94640b297b3e} 1515 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 29224 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ba9d0750-a180-406f-b849-170d67cbb4a6} 1515 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 29224 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {95608847-f2a2-4b50-aa52-a68e9f586414} 1515 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 29224 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {fc30f6a2-306c-458d-9951-e4045573f852} 1515 true tab]
/usr/bin/speech-dispatcher
[/usr/bin/speech-dispatcher --spawn --communication-method unix_socket --socket-path /root/.cache/speech-dispatcher/speechd.sock]
/bin/sh
[sh -c type espeak > /dev/null 2>&1]
/bin/sh
[sh -c type mbrola > /dev/null 2>&1]
/bin/sh
[sh -c type espeak > /dev/null 2>&1]
/bin/sh
[sh -c type espeak-ng > /dev/null 2>&1]
/bin/sh
[sh -c type mbrola > /dev/null 2>&1]
/bin/sh
[sh -c type curl > /dev/null 2>&1]
/bin/sh
[sh -c type epos-say > /dev/null 2>&1]
/bin/sh
[sh -c type say > /dev/null 2>&1]
/bin/sh
[sh -c type pico2wave > /dev/null 2>&1]
/bin/sh
[sh -c type llia_phon > /dev/null 2>&1]
/bin/sh
[sh -c type mbrola > /dev/null 2>&1]
/bin/sh
[sh -c type /opt/swift/bin/swift > /dev/null 2>&1]
/usr/lib/speech-dispatcher-modules/sd_espeak-ng
[/usr/lib/speech-dispatcher-modules/sd_espeak-ng /etc/speech-dispatcher/modules/espeak-ng.conf]
/usr/lib/speech-dispatcher-modules/sd_generic
[/usr/lib/speech-dispatcher-modules/sd_generic /etc/speech-dispatcher/modules/mary-generic.conf]
/usr/lib/speech-dispatcher-modules/sd_dummy
[/usr/lib/speech-dispatcher-modules/sd_dummy /etc/speech-dispatcher/modules/dummy.conf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.12.172.42:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 1.1.1.1:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 1.1.1.1:53 | api.github.com | udp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | raw.githubusercontent.com | udp |
| US | 1.1.1.1:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.96:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| GB | 216.58.204.78:443 | consent.google.com | tcp |
| GB | 216.58.204.78:443 | consent.google.com | udp |
| US | 1.1.1.1:53 | unix.stackexchange.com | udp |
| US | 1.1.1.1:53 | unix.stackexchange.com | udp |
| US | 104.18.43.226:443 | unix.stackexchange.com | tcp |
| US | 1.1.1.1:53 | ajax.googleapis.com | udp |
| US | 1.1.1.1:53 | ajax.googleapis.com | udp |
| US | 1.1.1.1:53 | cdn.sstatic.net | udp |
| US | 1.1.1.1:53 | cdn.sstatic.net | udp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 1.1.1.1:53 | i.stack.imgur.com | udp |
| US | 1.1.1.1:53 | i.stack.imgur.com | udp |
| US | 1.1.1.1:53 | www.gravatar.com | udp |
| US | 1.1.1.1:53 | www.gravatar.com | udp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| US | 1.1.1.1:53 | cdn.cookielaw.org | udp |
| US | 1.1.1.1:53 | cdn.cookielaw.org | udp |
| US | 172.64.155.170:443 | i.stack.imgur.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| GB | 216.58.204.65:443 | lh3.googleusercontent.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | udp |
| GB | 216.58.204.65:443 | lh3.googleusercontent.com | udp |
| US | 192.0.73.2:443 | www.gravatar.com | udp |
| US | 1.1.1.1:53 | pub.doubleverify.com | udp |
| US | 1.1.1.1:53 | pub.doubleverify.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.166.224:443 | pub.doubleverify.com | tcp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| US | 1.1.1.1:53 | i.sstatic.net | udp |
| US | 1.1.1.1:53 | i.sstatic.net | udp |
| US | 172.64.146.223:443 | i.sstatic.net | tcp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | tcp |
| US | 1.1.1.1:53 | qa.sockets.stackexchange.com | udp |
| US | 1.1.1.1:53 | qa.sockets.stackexchange.com | udp |
| US | 1.1.1.1:53 | qa.sockets.stackexchange.com | udp |
| US | 198.252.206.25:443 | qa.sockets.stackexchange.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | geolocation.onetrust.com | udp |
| US | 1.1.1.1:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 1.1.1.1:53 | dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com | udp |
| US | 1.1.1.1:53 | dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com | udp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.97:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.97:443 | tpc.googlesyndication.com | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.97:80 | connectivity-check.ubuntu.com | tcp |
Files
/root/.cache/dconf/user
| MD5 | c4103f122d27677c9db144cae1394a66 |
| SHA1 | 1489f923c4dca729178b3e3233458550d8dddf29 |
| SHA256 | 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 |
| SHA512 | 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54 |
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
/tmp/mozilla-temp-1074305642
| MD5 | c34b120cfc08b0d0591038f0656f9944 |
| SHA1 | f6af73bcb8365c1db0565b8e37f67b89cdd03859 |
| SHA256 | 00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a |
| SHA512 | 032c13db6ff5de0d3fba9ee1b48cd5d804d2673ef9e55b99fdb0eb6e6bef8456c9f2a50ed64dc4f651d41ab5abab6b0bf3e29dbd1dd555e1387974fd1673a669 |
/root/Downloads/XvgxNs7O.part
| MD5 | 2f15b94f5da7a7e365bc884604dfad36 |
| SHA1 | 19ebf4c7ecdc66c10d8dc86653ddf8b92375fdbd |
| SHA256 | e52529780f25299f956551b4ef754e770e9265539e2c783714a321871309a075 |
| SHA512 | 1bb249d6a263da5a1c7d08fbb6a8535ea8aab80c78f19c808056dec4617724339091dd25bf9be7f8e8c26bb07c05650b046cc35db6cabc958bbba447f37e3f4f |
/root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a.GBGbclxx.part
| MD5 | 5224fadf37ad3c7e7d1e234693534517 |
| SHA1 | 972de517621e23e76d6d937883f7e715c1a154e1 |
| SHA256 | cf7dc986188f0bd6fc38130c170d81547098a747c813254bd4dde9785d54b5d9 |
| SHA512 | 908e3a77b2e13657e8d17c2ededce97214a0f63266ed4580e296db5b67c9ea7a36682625e1e72e1dcd649b798fb9c628bcbaf8472b8d4c337c8f3ff8abe0fe81 |
/root/.cache/speech-dispatcher/pid/speech-dispatcher.pid
| MD5 | 04b4c8c2e4c087c6587e2804400d4656 |
| SHA1 | 60634b20b46fe90475a57f383f459b9990a62f20 |
| SHA256 | 30df2d2c5df73ae2b8910b979637ae7147b6ad9a81fa05333c56a929b00ba1e5 |
| SHA512 | b18b509876d9f936dba95dfefe2b5f6bc9297a2663af8b7dc7cc97464b1ecdb9281d03ca8d787df04a625f7efc9b8ff262ba81cdde37f7dd7f58e12fa90b9811 |
/root/.cache/speech-dispatcher/log/speech-dispatcher.log
| MD5 | 5de638fb43ff129134e256d8ef033846 |
| SHA1 | de9743e460eb01a27d5ad3d958aa97c3554c9c71 |
| SHA256 | fe306b84a5e6b1c1a9b9810abc4a72ff6d219ed5e6d1da98a27f426abf304607 |
| SHA512 | 4bf5b7030ca924c6a908291bdf5daa8a95d38fb71470cb584e782eff806e2833f54d3b365f8354f0110e65d4e8a997f448623301c51bddd61160e35215f6c7ca |
/root/.cache/speech-dispatcher/log/espeak-ng.log
| MD5 | ef84f4e65f11da983c74a7bb8edb00e4 |
| SHA1 | 6a6b59b99ceba44216cfa42e5be6a1d641615ded |
| SHA256 | f56bc2309418b8e3f485b18fa4cc2a641912f03a08e3555387faa6fb925ca547 |
| SHA512 | 85019f18beeea67e60030755b3181fc3305eaade197200bd37a956dab9c4aea9ca0006f350c9def753c2036ddf851822733e9a050829b563624e9fec52fe784d |
/root/.cache/speech-dispatcher/log/mary-generic.log
| MD5 | 7b92a4d1d104620c17b8b007b82f4ea6 |
| SHA1 | fd86d4191806d10aa33baa3f47d2251dbacf461e |
| SHA256 | 7a0cea6035a30a623000fec0b0b03f597049663dcf103bb47af898a2e5db4966 |
| SHA512 | 64620869fc6c85c667f7543c5fecc6771756bf2d429295a2c6f3397deab885e373ed2542625de8e67ce696bc506c300c43a14ccb482f628b17e869cb07f0e2d2 |
/root/.cache/speech-dispatcher/log/dummy.log
| MD5 | b2b3a649e7e18f578a7d885627764958 |
| SHA1 | 9581944e1dd494b74896964a2b2db251428849be |
| SHA256 | 4d0663e7c2b22f2942d0e8eb992e7cce6350a01bde90d941a4fb1fab1e65065a |
| SHA512 | db150cd21eeea03ae2a4e0a1325f3f5d60343d08de349cb27e1da0a51402301b6271ede58f69377dc0d337e9db1071d5921a4d26f81427b74d361959d2c823e7 |