Analysis Overview
Threat Level: Shows suspicious behavior
The file http://192.227.232.151:81/ was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks CPU configuration
Reads CPU attributes
Changes its process name
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 15:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 15:36
Reported
2024-05-21 15:44
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
442s
Max time network
441s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /root/Downloads/install-latest-yak.sh | /root/Downloads/install-latest-yak.sh | N/A |
| N/A | /root/Downloads/install-latest-yak.sh | /root/Downloads/install-latest-yak.sh | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1769/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1824/status | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/fd/121 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/meminfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-goa-volume-monitor | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1824/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1412/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1723/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/1398/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/125 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/1610/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/81 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/104 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/116 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-metadata | N/A |
| File opened for reading | /proc/self/task/2273/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1922/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1958/cgroup | /usr/libexec/gnome-terminal-server | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/self/fd/53 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/96 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd/58 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1527/root | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1867/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/1582/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/79 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1844/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/sys/kernel/overflowgid | /usr/bin/bwrap | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/nautilus | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/1860/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gedit | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/Nyr55Q3N.sh | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/2NFIBGho.bmp | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/flatpak-seccomp-Y5JTN2 | /usr/bin/nautilus | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://192.227.232.151:81/]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://192.227.232.151:81/]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://192.227.232.151:81/]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {0eea513c-10ae-4310-9352-9f41ebc0e65d} 1527 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20206 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {51e0787f-d77f-40f0-b1aa-fb4cb621c96c} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28644 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {20196e2a-f447-4fa3-b20e-055743945bd5} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29335 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {acebcedb-c0a2-4577-8eef-bcfed62c4f54} 1527 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f5c1c81d-aa42-459b-8a9e-72821738dbcf} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {0b70ad3f-2435-4318-b2b2-1a05b6481257} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25969 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f5b3e52f-da4b-4cc3-bb7c-9c92cce655ae} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25969 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f8cd8792-32ca-4f2b-96a7-e2640a0e7ca3} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25969 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {691d00be-b56e-44c3-9bc3-90c10188d425} 1527 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/local/sbin/bwrap
[bwrap --ro-bind /usr /usr --ro-bind /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-3NJTN2 /tmp --ro-bind /root/Downloads/resZZTyRQ.bmp /tmp/resZZTyRQ.bmp --seccomp 26 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/resZZTyRQ.bmp /tmp/gnome-desktop-thumbnailer.png]
/usr/local/bin/bwrap
[bwrap --ro-bind /usr /usr --ro-bind /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-3NJTN2 /tmp --ro-bind /root/Downloads/resZZTyRQ.bmp /tmp/resZZTyRQ.bmp --seccomp 26 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/resZZTyRQ.bmp /tmp/gnome-desktop-thumbnailer.png]
/usr/sbin/bwrap
[bwrap --ro-bind /usr /usr --ro-bind /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-3NJTN2 /tmp --ro-bind /root/Downloads/resZZTyRQ.bmp /tmp/resZZTyRQ.bmp --seccomp 26 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/resZZTyRQ.bmp /tmp/gnome-desktop-thumbnailer.png]
/usr/bin/bwrap
[bwrap --ro-bind /usr /usr --ro-bind /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-3NJTN2 /tmp --ro-bind /root/Downloads/resZZTyRQ.bmp /tmp/resZZTyRQ.bmp --seccomp 26 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/resZZTyRQ.bmp /tmp/gnome-desktop-thumbnailer.png]
/usr/bin/gdk-pixbuf-thumbnailer
[/usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/resZZTyRQ.bmp /tmp/gnome-desktop-thumbnailer.png]
/usr/bin/gedit
[/usr/bin/gedit --gapplication-service]
/usr/libexec/gvfsd-metadata
[/usr/libexec/gvfsd-metadata]
/usr/bin/gedit
[/usr/bin/gedit --gapplication-service]
/usr/libexec/gnome-terminal-server
[/usr/libexec/gnome-terminal-server]
/bin/bash
[bash]
/usr/bin/groups
[groups]
/usr/bin/lesspipe
[lesspipe]
/usr/bin/basename
[basename /usr/bin/lesspipe]
/usr/bin/dirname
[dirname /usr/bin/lesspipe]
/usr/bin/dircolors
[dircolors -b]
/usr/bin/ls
[ls --color=auto]
/root/Downloads/install-latest-yak.sh
[./install-latest-yak.sh]
/usr/bin/sudo
[sudo ./install-latest-yak.sh]
/usr/bin/sudo
[sudo install-latest-yak.sh]
/usr/bin/sudo
[sudo execinstall-latest-yak.sh]
/usr/bin/sudo
[sudo exec install-latest-yak.sh]
/usr/bin/sudo
[sudo .install-latest-yak.sh]
/root/Downloads/install-latest-yak.sh
[/root/Downloads/install-latest-yak.sh]
/usr/bin/sudo
[sudo /root/Downloads/install-latest-yak.sh]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 28813 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {55cfcb02-b27b-4aa8-a30e-b72a6c167d47} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 28813 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8fe820c5-1bb3-41cd-a8b4-8ae08dfe83ce} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 28813 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {9ff60a0e-2b84-4230-8d21-2dfac5a4b146} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 11 -isForBrowser -prefsLen 28937 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cc081c7b-fd69-4740-8766-80a2dc71891e} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 12 -isForBrowser -prefsLen 33139 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {367631a6-99f0-4426-a07c-2d6ac4ac2bbe} 1527 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 192.227.232.151:81 | 192.227.232.151 | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 34.216.87.223:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 192.227.232.151:81 | tcp | |
| US | 192.227.232.151:81 | 192.227.232.151 | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 192.227.232.151:81 | 192.227.232.151 | tcp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 54.188.201.143:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 192.227.232.151:81 | 192.227.232.151 | tcp |
| US | 192.227.232.151:81 | 192.227.232.151 | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | virustotal.com | udp |
| US | 1.1.1.1:53 | virustotal.com | udp |
| US | 216.239.34.21:80 | virustotal.com | tcp |
| US | 216.239.34.21:80 | virustotal.com | tcp |
| US | 216.239.32.21:443 | virustotal.com | tcp |
| US | 1.1.1.1:53 | www.virustotal.com | udp |
| US | 1.1.1.1:53 | www.virustotal.com | udp |
| US | 1.1.1.1:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 1.1.1.1:53 | www.recaptcha.net | udp |
| US | 1.1.1.1:53 | www.recaptcha.net | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| GB | 172.217.16.227:443 | www.recaptcha.net | udp |
| US | 1.1.1.1:53 | recaptcha.net | udp |
| US | 1.1.1.1:53 | recaptcha.net | udp |
| BE | 66.102.1.94:443 | recaptcha.net | tcp |
| BE | 66.102.1.94:443 | recaptcha.net | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 1.1.1.1:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 1.1.1.1:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | recaptcha.net | udp |
| BE | 64.233.184.94:443 | recaptcha.net | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | www.virustotal.com | udp |
| US | 1.1.1.1:53 | www.virustotal.com | udp |
| US | 1.1.1.1:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 1.1.1.1:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 1.1.1.1:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
Files
/root/.cache/dconf/user
| MD5 | c4103f122d27677c9db144cae1394a66 |
| SHA1 | 1489f923c4dca729178b3e3233458550d8dddf29 |
| SHA256 | 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 |
| SHA512 | 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54 |
/root/Downloads/Nyr55Q3N.sh.part
| MD5 | 6fdc025141c235838e396e1f3274a138 |
| SHA1 | d32ffb9d701fea25469b9cbaf14f04f1e89fc27c |
| SHA256 | 9c4b111ef0c0ccb23bbd1afc2c0620783ddc932e9ec3d6696c505b1ce4f25994 |
| SHA512 | e526c2453f55096e32ac9e0f496618bfb4393352cfe909937b75f601e237f6bc8c5074c2d2c3d851bd8fdab77394b8a5d0c4c73b5f66c86c2bce43ed89f12195 |
/root/Downloads/2NFIBGho.bmp.part
| MD5 | ff37343c299dc8d5530b7407dd594c8d |
| SHA1 | 7e526e35ffdeeb91e1b646f8d49c9a0a4f80885d |
| SHA256 | b0200b9f7c9f9fb9eab97717c091a0fd53a608d559050088fcaa18f7d7b1bb78 |
| SHA512 | d88871af5c7d952b42f5f22d455d551bcef316ded16b66026d54c2b0795db5a8de2ca512a906a63e01461d35e9b4d8e74cce33a4ebbc6702ccfa49448c255fce |
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
/root/Downloads/resZZTyRQ.F1nOT4KO.bmp.part
| MD5 | 101801960856b49c4428123011952c9d |
| SHA1 | e695874e3f36de610348def91431ce9d40013b84 |
| SHA256 | 23be596bc7d1832621fda9f5804a6c022ad436acb01c2e172cd3b98338734dfb |
| SHA512 | f9f0eed9a79fc9ae643452ac1680f8c6cb209e7ded21fde7aca1adabb573ec67e12ced3529e4b61fa6bb54778c8714f4691af1ded4711be5842c7e9e38f15e9d |
/tmp/flatpak-seccomp-Y5JTN2
| MD5 | 6329a7d4e4361fa39ed514f8be2ff9ec |
| SHA1 | fbcd9019ea592fafb28961c384b8847e0f64d6e8 |
| SHA256 | eb2fd18f927deec1fad9452265e5085689f24e925e71ee933aa46d8a57546c46 |
| SHA512 | 2fa5728ba700f350e2c44151b489febfab157aba4d75cb4d3c808c383c071cada82d75b16402237d8c158a019dc45ada56c2471313ebd97a253f7bbb655eafea |
/root/.cache/thumbnails/fail/gnome-thumbnail-factory/ae72ca3b3a5e25dee949419147dcbbbb.png.U69UN2
| MD5 | 645f7acacaa3539ec0e3a7a94967e56f |
| SHA1 | bf4f67e6c4d198d245168bae282d882ccf785293 |
| SHA256 | 6ab4da284a54130ceb376decc249e47db13c39cf036b2fdbe0892d660f951ba2 |
| SHA512 | 57fb5416c21484967288337fe19dbf874ddae98754dff352b407b24918eda776c00303d8e0b115fb7f3fa00f943b883b3817830950be47788896c9d91a4ab90c |
/root/.config/gedit/accels
| MD5 | 44ca9eff853cd7a8f9c1ba0bcf0c9064 |
| SHA1 | f09dcf877fcf2329996584d6b07b062c383283de |
| SHA256 | 6a1e573c0068dc87d4f0fbe6782d0a253dd60b9f37b7f6c5c4d6c72547f16c05 |
| SHA512 | 3e7ccb1086dbaf64b48a389fd247981f4e20c577f8466b75c84484ef8aa5befb4f71f87f05c5ade91b89f8a860a83144bc36eed6fbe0fa91d47cbbb2d2beeea6 |
/root/.local/share/gvfs-metadata/home-56821165.log.SZXZN2
| MD5 | 4d63038c59ddaa416050237ec5a228ab |
| SHA1 | 9ec4530499df320591c01f0d50469ef65672f312 |
| SHA256 | 7b7e5b5ae8e5ea5f6c14ae12c2440e88d5579af731ad6f4fee239fd623f6abdb |
| SHA512 | 98a1ee02605c9722e36ec09f09246354fbc055d4009e0074dd4beb9eb63839ed5e4b76d3143e48ce0e7b484d2a0ded0f2fabcd5da5849c3e124e231c05af2c23 |
/root/.bash_history
| MD5 | 43022a0fa34d1c6b89c0d15c23a55d5b |
| SHA1 | 5ae241415286275b6780c28ef50a69f445ea7e13 |
| SHA256 | fad8f24c896129923a07881a124cb6c909e24d4bc73952d423ea1cdb55cbdc8d |
| SHA512 | 341771f3532c7bfb0ab0eb8558cdb98713fd055eb18f1ef5ae1355f0b136b538508f78cbffea0cad68cb29cfd3b83e4dd02f920f28c92794d9eb180eed7b0069 |