Malware Analysis Report

2024-10-24 21:47

Sample ID 240519-l8q68sdf3y
Target https://github.com/MalwareSamples/Linux-Malware-Samples
Tags
xmrig antivm miner
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/MalwareSamples/Linux-Malware-Samples was found to be: Known bad.

Malicious Activity Summary

xmrig antivm miner

XMRig Miner payload

xmrig

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Changes its process name

Checks CPU configuration

Reads CPU attributes

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-19 10:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 10:12

Reported

2024-05-19 10:42

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

1799s

Max time network

1733s

Command Line

[xdg-open https://github.com/MalwareSamples/Linux-Malware-Samples]

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

Executes dropped EXE

Description Indicator Process Target
N/A /root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a /root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself glxtest:disk$0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-/usr/libex N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/nautilus N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/class /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/glxtest N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/84 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd/70 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /proc/self/fd/112 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1424/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/glxtest N/A
File opened for reading /proc/self/fd/12 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1810/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/1589/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/goa-daemon N/A
File opened for reading /proc/self/fd/114 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/117 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1720/cgroup /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/self/task/1519/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd N/A
File opened for reading /proc/1617/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/113 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/123 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1578/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/66 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1737/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/task/1808/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1573/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1650/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/cmdline /usr/libexec/dconf-service N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1408/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/1408/attr/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/2019/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1939/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1692/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1515/root /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-afc-volume-monitor N/A
File opened for reading /proc/self/fd/111 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/XvgxNs7O /usr/lib/firefox/firefox N/A
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A
File opened for modification /tmp/tmpaddon /usr/lib/firefox/firefox N/A
File opened for modification /tmp/mozilla-temp-1074305642 /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://github.com/MalwareSamples/Linux-Malware-Samples]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://github.com/MalwareSamples/Linux-Malware-Samples]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://github.com/MalwareSamples/Linux-Malware-Samples]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/lib/firefox/glxtest

[/usr/lib/firefox/glxtest -f 13]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {dde417a7-69a8-4e41-8881-8d5308f21499} 1515 true socket]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/libexec/gvfsd

[/usr/libexec/gvfsd]

/usr/libexec/gvfsd-fuse

[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]

/usr/libexec/dconf-service

[/usr/libexec/dconf-service]

/usr/bin/nautilus

[/usr/bin/nautilus --gapplication-service]

/usr/libexec/gvfsd-trash

[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20271 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {17e0997f-949c-4dcf-bad8-9780181390d7} 1515 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28891 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {a2abb816-062e-45ac-b7f4-faf5ad56ce05} 1515 true tab]

/usr/bin/gnome-keyring-daemon

[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]

/usr/libexec/gvfs-udisks2-volume-monitor

[/usr/libexec/gvfs-udisks2-volume-monitor]

/usr/libexec/gvfs-afc-volume-monitor

[/usr/libexec/gvfs-afc-volume-monitor]

/usr/libexec/gvfs-mtp-volume-monitor

[/usr/libexec/gvfs-mtp-volume-monitor]

/usr/libexec/gvfs-gphoto2-volume-monitor

[/usr/libexec/gvfs-gphoto2-volume-monitor]

/usr/libexec/gvfs-goa-volume-monitor

[/usr/libexec/gvfs-goa-volume-monitor]

/usr/libexec/goa-daemon

[/usr/libexec/goa-daemon]

/usr/libexec/goa-identity-service

[/usr/libexec/goa-identity-service]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 30012 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {4bbf7138-9678-425d-adb3-85dd7256c984} 1515 true utility]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 27292 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f679fae1-ecba-405b-b201-b678d850ec9b} 1515 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27292 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {3f9cd6c6-9820-4879-a1f3-34af15ca753c} 1515 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27292 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {fb076ee9-31b6-4915-b02f-f74e1cf5947e} 1515 true tab]

/root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a

[/root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a file:///root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 33763 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {b0476097-a1f1-49cf-b99c-94640b297b3e} 1515 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 29224 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ba9d0750-a180-406f-b849-170d67cbb4a6} 1515 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 29224 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {95608847-f2a2-4b50-aa52-a68e9f586414} 1515 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 29224 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {fc30f6a2-306c-458d-9951-e4045573f852} 1515 true tab]

/usr/bin/speech-dispatcher

[/usr/bin/speech-dispatcher --spawn --communication-method unix_socket --socket-path /root/.cache/speech-dispatcher/speechd.sock]

/bin/sh

[sh -c type espeak > /dev/null 2>&1]

/bin/sh

[sh -c type mbrola > /dev/null 2>&1]

/bin/sh

[sh -c type espeak > /dev/null 2>&1]

/bin/sh

[sh -c type espeak-ng > /dev/null 2>&1]

/bin/sh

[sh -c type mbrola > /dev/null 2>&1]

/bin/sh

[sh -c type curl > /dev/null 2>&1]

/bin/sh

[sh -c type epos-say > /dev/null 2>&1]

/bin/sh

[sh -c type say > /dev/null 2>&1]

/bin/sh

[sh -c type pico2wave > /dev/null 2>&1]

/bin/sh

[sh -c type llia_phon > /dev/null 2>&1]

/bin/sh

[sh -c type mbrola > /dev/null 2>&1]

/bin/sh

[sh -c type /opt/swift/bin/swift > /dev/null 2>&1]

/usr/lib/speech-dispatcher-modules/sd_espeak-ng

[/usr/lib/speech-dispatcher-modules/sd_espeak-ng /etc/speech-dispatcher/modules/espeak-ng.conf]

/usr/lib/speech-dispatcher-modules/sd_generic

[/usr/lib/speech-dispatcher-modules/sd_generic /etc/speech-dispatcher/modules/mary-generic.conf]

/usr/lib/speech-dispatcher-modules/sd_dummy

[/usr/lib/speech-dispatcher-modules/sd_dummy /etc/speech-dispatcher/modules/dummy.conf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 52.12.172.42:443 location.services.mozilla.com tcp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 1.1.1.1:53 github.githubassets.com udp
US 1.1.1.1:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 1.1.1.1:53 avatars.githubusercontent.com udp
US 1.1.1.1:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 1.1.1.1:53 camo.githubusercontent.com udp
US 1.1.1.1:53 camo.githubusercontent.com udp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 35.164.250.149:443 shavar.services.mozilla.com tcp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 content-signature-2.cdn.mozilla.net udp
US 1.1.1.1:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 autopush.prod.mozaws.net udp
US 1.1.1.1:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 collector.github.com udp
US 1.1.1.1:53 collector.github.com udp
US 1.1.1.1:53 glb-db52c2cf8be544.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 1.1.1.1:53 api.github.com udp
US 1.1.1.1:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.githubassets.com udp
GB 20.26.156.210:443 api.github.com tcp
US 1.1.1.1:53 raw.githubusercontent.com udp
US 1.1.1.1:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com udp
US 1.1.1.1:53 support.mozilla.org udp
US 1.1.1.1:53 support.mozilla.org udp
US 1.1.1.1:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.96:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 play.google.com udp
US 1.1.1.1:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 1.1.1.1:53 consent.google.com udp
US 1.1.1.1:53 consent.google.com udp
GB 216.58.204.78:443 consent.google.com tcp
GB 216.58.204.78:443 consent.google.com udp
US 1.1.1.1:53 unix.stackexchange.com udp
US 1.1.1.1:53 unix.stackexchange.com udp
US 104.18.43.226:443 unix.stackexchange.com tcp
US 1.1.1.1:53 ajax.googleapis.com udp
US 1.1.1.1:53 ajax.googleapis.com udp
US 1.1.1.1:53 cdn.sstatic.net udp
US 1.1.1.1:53 cdn.sstatic.net udp
GB 142.250.180.10:443 ajax.googleapis.com tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 1.1.1.1:53 i.stack.imgur.com udp
US 1.1.1.1:53 i.stack.imgur.com udp
US 1.1.1.1:53 www.gravatar.com udp
US 1.1.1.1:53 www.gravatar.com udp
US 1.1.1.1:53 lh3.googleusercontent.com udp
US 1.1.1.1:53 lh3.googleusercontent.com udp
US 1.1.1.1:53 cdn.cookielaw.org udp
US 1.1.1.1:53 cdn.cookielaw.org udp
US 172.64.155.170:443 i.stack.imgur.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
GB 216.58.204.65:443 lh3.googleusercontent.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
GB 142.250.180.10:443 ajax.googleapis.com udp
GB 216.58.204.65:443 lh3.googleusercontent.com udp
US 192.0.73.2:443 www.gravatar.com udp
US 1.1.1.1:53 pub.doubleverify.com udp
US 1.1.1.1:53 pub.doubleverify.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.18.166.224:443 pub.doubleverify.com tcp
US 104.18.166.224:443 pub.doubleverify.com udp
US 1.1.1.1:53 i.sstatic.net udp
US 1.1.1.1:53 i.sstatic.net udp
US 172.64.146.223:443 i.sstatic.net tcp
US 104.18.166.224:443 pub.doubleverify.com udp
US 104.18.166.224:443 pub.doubleverify.com tcp
US 1.1.1.1:53 qa.sockets.stackexchange.com udp
US 1.1.1.1:53 qa.sockets.stackexchange.com udp
US 1.1.1.1:53 qa.sockets.stackexchange.com udp
US 198.252.206.25:443 qa.sockets.stackexchange.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 1.1.1.1:53 geolocation.onetrust.com udp
US 1.1.1.1:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 1.1.1.1:53 dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com udp
US 1.1.1.1:53 dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com tcp
GB 142.250.180.1:443 dcc7614c7117da0a0cb203165725588c.safeframe.googlesyndication.com udp
US 1.1.1.1:53 tpc.googlesyndication.com udp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.201.97:443 tpc.googlesyndication.com tcp
GB 216.58.201.97:443 tpc.googlesyndication.com udp
US 1.1.1.1:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 1.1.1.1:53 content-signature-chains.prod.autograph.services.mozaws.net udp
US 1.1.1.1:53 content-signature-chains.prod.autograph.services.mozaws.net udp
US 34.160.144.191:443 content-signature-chains.prod.autograph.services.mozaws.net tcp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.98:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.97:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.98:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.98:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.97:80 connectivity-check.ubuntu.com tcp

Files

/root/.cache/dconf/user

MD5 c4103f122d27677c9db144cae1394a66
SHA1 1489f923c4dca729178b3e3233458550d8dddf29
SHA256 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA512 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

/tmp/tmpaddon

MD5 30082ae40dc48af6343db2fd22cfc645
SHA1 3eb577555ee638e8beb01173e8f29e172747a728
SHA256 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76
SHA512 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c

/tmp/mozilla-temp-1074305642

MD5 c34b120cfc08b0d0591038f0656f9944
SHA1 f6af73bcb8365c1db0565b8e37f67b89cdd03859
SHA256 00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a
SHA512 032c13db6ff5de0d3fba9ee1b48cd5d804d2673ef9e55b99fdb0eb6e6bef8456c9f2a50ed64dc4f651d41ab5abab6b0bf3e29dbd1dd555e1387974fd1673a669

/root/Downloads/XvgxNs7O.part

MD5 2f15b94f5da7a7e365bc884604dfad36
SHA1 19ebf4c7ecdc66c10d8dc86653ddf8b92375fdbd
SHA256 e52529780f25299f956551b4ef754e770e9265539e2c783714a321871309a075
SHA512 1bb249d6a263da5a1c7d08fbb6a8535ea8aab80c78f19c808056dec4617724339091dd25bf9be7f8e8c26bb07c05650b046cc35db6cabc958bbba447f37e3f4f

/root/Downloads/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a.GBGbclxx.part

MD5 5224fadf37ad3c7e7d1e234693534517
SHA1 972de517621e23e76d6d937883f7e715c1a154e1
SHA256 cf7dc986188f0bd6fc38130c170d81547098a747c813254bd4dde9785d54b5d9
SHA512 908e3a77b2e13657e8d17c2ededce97214a0f63266ed4580e296db5b67c9ea7a36682625e1e72e1dcd649b798fb9c628bcbaf8472b8d4c337c8f3ff8abe0fe81

/root/.cache/speech-dispatcher/pid/speech-dispatcher.pid

MD5 04b4c8c2e4c087c6587e2804400d4656
SHA1 60634b20b46fe90475a57f383f459b9990a62f20
SHA256 30df2d2c5df73ae2b8910b979637ae7147b6ad9a81fa05333c56a929b00ba1e5
SHA512 b18b509876d9f936dba95dfefe2b5f6bc9297a2663af8b7dc7cc97464b1ecdb9281d03ca8d787df04a625f7efc9b8ff262ba81cdde37f7dd7f58e12fa90b9811

/root/.cache/speech-dispatcher/log/speech-dispatcher.log

MD5 5de638fb43ff129134e256d8ef033846
SHA1 de9743e460eb01a27d5ad3d958aa97c3554c9c71
SHA256 fe306b84a5e6b1c1a9b9810abc4a72ff6d219ed5e6d1da98a27f426abf304607
SHA512 4bf5b7030ca924c6a908291bdf5daa8a95d38fb71470cb584e782eff806e2833f54d3b365f8354f0110e65d4e8a997f448623301c51bddd61160e35215f6c7ca

/root/.cache/speech-dispatcher/log/espeak-ng.log

MD5 ef84f4e65f11da983c74a7bb8edb00e4
SHA1 6a6b59b99ceba44216cfa42e5be6a1d641615ded
SHA256 f56bc2309418b8e3f485b18fa4cc2a641912f03a08e3555387faa6fb925ca547
SHA512 85019f18beeea67e60030755b3181fc3305eaade197200bd37a956dab9c4aea9ca0006f350c9def753c2036ddf851822733e9a050829b563624e9fec52fe784d

/root/.cache/speech-dispatcher/log/mary-generic.log

MD5 7b92a4d1d104620c17b8b007b82f4ea6
SHA1 fd86d4191806d10aa33baa3f47d2251dbacf461e
SHA256 7a0cea6035a30a623000fec0b0b03f597049663dcf103bb47af898a2e5db4966
SHA512 64620869fc6c85c667f7543c5fecc6771756bf2d429295a2c6f3397deab885e373ed2542625de8e67ce696bc506c300c43a14ccb482f628b17e869cb07f0e2d2

/root/.cache/speech-dispatcher/log/dummy.log

MD5 b2b3a649e7e18f578a7d885627764958
SHA1 9581944e1dd494b74896964a2b2db251428849be
SHA256 4d0663e7c2b22f2942d0e8eb992e7cce6350a01bde90d941a4fb1fab1e65065a
SHA512 db150cd21eeea03ae2a4e0a1325f3f5d60343d08de349cb27e1da0a51402301b6271ede58f69377dc0d337e9db1071d5921a4d26f81427b74d361959d2c823e7