Analysis

- max time kernel: 1s
- max time network: 733s
- platform: ubuntu-24.04_amd64
- resource: ubuntu2404-amd64-20240523-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
- submitted: 28-06-2024 11:25

Tasks

| Task | Type | Sample | Resource | Platform |
|---|---|---|---|---|
| static1 | Static | | | |
| urlscan1 | URLScan | | | |
| behavioral1 | Behavioral | http://Blocky.games | win10v2004-20240508-en | windows10-2004-x64 |
| behavioral2 | Behavioral | http://Blocky.games | win10-20240404-en | windows10-1703-x64 |
| behavioral3 | Behavioral | http://Blocky.games | win7-20240508-en | windows7-x64 |
| behavioral4 | Behavioral | http://Blocky.games | win10v2004-20240508-en | windows10-2004-x64 |
| behavioral5 | Behavioral | http://Blocky.games | win11-20240508-en | windows11-21h2-x64 |
| behavioral6 | Behavioral | http://Blocky.games | android-x86-arm-20240624-en | android-9-x86 |
| behavioral7 | Behavioral | http://Blocky.games | android-x64-20240624-en | android-10-x64 |
| behavioral8 | Behavioral | http://Blocky.games | android-x64-arm64-20240624-en | android-11-x64 |
| behavioral9 | Behavioral | http://Blocky.games | android-33-x64-arm64-20240624-en | android-13-x64 |
| behavioral10 | Behavioral | http://Blocky.games | android-x86-arm-20240624-en | android-9-x86 |
| behavioral11 | Behavioral | http://Blocky.games | macos-20240611-en | macos-10.15-amd64 |
| behavioral12 | Behavioral | http://Blocky.games | macos-20240611-en | macos-10.15-amd64 |
| behavioral13 | Behavioral | http://Blocky.games | ubuntu2204-amd64-20240611-en | ubuntu-22.04-amd64 |
| behavioral14 | Behavioral | http://Blocky.games | debian12-armhf-20240418-en | debian-12-armhf |
| behavioral15 | Behavioral | http://Blocky.games | debian12-mipsel-20240418-en | debian-12-mipsel |
| behavioral16 | Behavioral | http://Blocky.games | debian9-armhf-20240418-en | debian-9-armhf |
| behavioral17 | Behavioral | http://Blocky.games | debian9-mipsbe-20240418-en | debian-9-mips |
| behavioral18 | Behavioral | http://Blocky.games | debian9-mipsel-20240418-en | debian-9-mipsel |
| behavioral19 | Behavioral | http://Blocky.games | ubuntu1804-amd64-20240508-en | ubuntu-18.04-amd64 |
| behavioral20 | Behavioral | http://Blocky.games | ubuntu2004-amd64-20240611-en | ubuntu-20.04-amd64 |
| behavioral21 | Behavioral | http://Blocky.games | ubuntu2204-amd64-20240611-en | ubuntu-22.04-amd64 |
| behavioral22 | Behavioral | http://Blocky.games | ubuntu2404-amd64-20240523-en | ubuntu-24.04-amd64 |
General

- Target: http://Blocky.games

Malware Config

(none)

Signatures

Changes its process name (6 IoCs)

| description | ioc | pid |
|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | pool-spawner | 2625 |
| Changes the process name, possibly in an attempt to hide itself | gmain | 2626 |
| Changes the process name, possibly in an attempt to hide itself | dconf worker | 2627 |
| Changes the process name, possibly in an attempt to hide itself | pool-spawner | 2722 |
| Changes the process name, possibly in an attempt to hide itself | gmain | 2723 |
| Changes the process name, possibly in an attempt to hide itself | dconf worker | 2724 |

Enumerates kernel/hardware configuration (1 TTP, 44 IoCs)

Reads contents of /sys virtual filesystem to enumerate system information. Every IoC below has the description "File opened for reading"; identical (ioc, process) pairs are collapsed into one row with a count.

| ioc | process | count |
|---|---|---|
| /sys/fs/bpf | snap-confine | 1 |
| /sys/module/apparmor/parameters/enabled | snap-confine | 1 |
| /sys/fs/cgroup/user.slice/user-0.slice/user@0.service/app.slice/snap.firefox.firefox-7606528c-5bf2-4664-8743-f486cd3f538a.scope | snap-confine | 1 |
| /sys/devices/pci0000:00/0000:00:02.0/drm/renderD128/uevent | snap-confine | 1 |
| /sys/devices/pci0000:00/0000:00:02.0/drm/card1/uevent | snap-confine | 1 |
| /sys/devices/pci0000:00/0000:00:02.0/drm/card1/card1-Virtual-1/uevent | snap-confine | 1 |
| /sys/devices/virtual/mem/full/uevent | snap-confine | 1 |
| /sys/devices/virtual/dma_heap/system/uevent | snap-confine | 1 |
| /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | snap-seccomp | 2 |
| /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | firefox | 2 |
| /sys/kernel/security/apparmor/features | firefox | 2 |
| /sys/kernel/security/apparmor/features/caps | firefox | 2 |
| /sys/kernel/security/apparmor/features/dbus | firefox | 2 |
| /sys/kernel/security/apparmor/features/domain | firefox | 2 |
| /sys/kernel/security/apparmor/features/file | firefox | 2 |
| /sys/kernel/security/apparmor/features/io_uring | firefox | 2 |
| /sys/kernel/security/apparmor/features/ipc | firefox | 2 |
| /sys/kernel/security/apparmor/features/mount | firefox | 2 |
| /sys/kernel/security/apparmor/features/namespaces | firefox | 2 |
| /sys/kernel/security/apparmor/features/network | firefox | 2 |
| /sys/kernel/security/apparmor/features/network_v8 | firefox | 2 |
| /sys/kernel/security/apparmor/features/policy | firefox | 2 |
| /sys/kernel/security/apparmor/features/ptrace | firefox | 2 |
| /sys/kernel/security/apparmor/features/query | firefox | 2 |
| /sys/kernel/security/apparmor/features/rlimit | firefox | 2 |
| /sys/kernel/security/apparmor/features/signal | firefox | 2 |

Reads runtime system information (64 IoCs)

Reads data from /proc virtual filesystem. Every IoC below has the description "File opened for reading"; identical (ioc, process) pairs are collapsed into one row with a count.

| ioc | process | count |
|---|---|---|
| /proc/self/maps | grep | 38 |
| /proc/filesystems | gsettings | 5 |
| /proc/filesystems | sed | 5 |
| /proc/self/fd/9 | snap-confine | 1 |
| /proc/self/fd/10 | snap-confine | 1 |
| /proc/self/fd/11 | snap-confine | 1 |
| /proc/self/fd/12 | snap-confine | 1 |
| /proc/self/fd/13 | snap-confine | 1 |
| /proc/self/ns/mnt | snap-confine | 1 |
| /proc/self/mountinfo | snap-confine | 1 |
| /proc/self/cgroup | snap-confine | 1 |
| /proc/cmdline | firefox | 1 |
| /proc/cgroups | firefox | 1 |
| /proc/2555/cgroup | firefox | 1 |
| /proc/2652/cgroup | firefox | 1 |
| /proc/sys/kernel/seccomp/actions_avail | firefox | 2 |
| /proc/sys/kernel/random/uuid | firefox | 2 |
Processes
-
/usr/bin/xdg-openxdg-open http://Blocky.games1⤵PID:2474
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager2⤵PID:2475
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE2⤵PID:2481
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"2⤵
- Reads runtime system information
PID:2482 -
/usr/bin/xpropxprop -root2⤵PID:2483
-
/usr/bin/grepgrep -i "^xfce_desktop_window"2⤵
- Reads runtime system information
PID:2484 -
/usr/bin/grepgrep -q "^Enlightenment"2⤵
- Reads runtime system information
PID:2486 -
/usr/bin/unameuname2⤵PID:2487
-
/usr/bin/grepgrep -q "^file://"2⤵
- Reads runtime system information
PID:2489 -
/usr/bin/egrepegrep -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:2491
-
/usr/local/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:2491
-
/usr/local/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:2491
-
/usr/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:2491
-
/usr/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
- Reads runtime system information
PID:2491 -
/usr/bin/sedsed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"2⤵
- Reads runtime system information
PID:2494 -
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/http2⤵PID:2495
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager3⤵PID:2496
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE3⤵PID:2501
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"3⤵
- Reads runtime system information
PID:2502 -
/usr/bin/xpropxprop -root3⤵PID:2503
-
/usr/bin/grepgrep -i "^xfce_desktop_window"3⤵
- Reads runtime system information
PID:2504 -
/usr/bin/grepgrep -q "^Enlightenment"3⤵
- Reads runtime system information
PID:2506 -
/usr/bin/unameuname3⤵PID:2507
-
/usr/bin/sedsed "s/:/ /g"3⤵PID:2510
-
/usr/bin/grepgrep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:2512 -
/usr/bin/headhead -n 13⤵PID:2513
-
/usr/bin/cutcut -d "=" -f 23⤵PID:2514
-
/usr/bin/cutcut -d ";" -f 13⤵PID:2515
-
/usr/bin/grepgrep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:2517 -
/usr/bin/headhead -n 13⤵PID:2518
-
/usr/bin/cutcut -d "=" -f 23⤵PID:2519
-
/usr/bin/cutcut -d ";" -f 13⤵PID:2520
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:2522 -
/usr/bin/headhead -n 13⤵PID:2523
-
/usr/bin/cutcut -d "=" -f 23⤵PID:2524
-
/usr/bin/cutcut -d ";" -f 13⤵PID:2525
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:2527 -
/usr/bin/headhead -n 13⤵PID:2528
-
/usr/bin/cutcut -d "=" -f 23⤵PID:2529
-
/usr/bin/cutcut -d ";" -f 13⤵PID:2530
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache3⤵PID:2533
-
/usr/bin/headhead -n 13⤵PID:2534
-
/usr/bin/cutcut -d "=" -f 23⤵PID:2535
-
/usr/bin/cutcut -d ";" -f 13⤵PID:2536
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache3⤵PID:2540
-
/usr/bin/headhead -n 13⤵PID:2541
-
/usr/bin/cutcut -d "=" -f 23⤵PID:2542
-
/usr/bin/cutcut -d ";" -f 13⤵PID:2543
-
/usr/bin/sedsed "s/:/ /g"3⤵
- Reads runtime system information
PID:2546 -
/usr/bin/grepgrep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"3⤵
- Reads runtime system information
PID:2548 -
/usr/bin/grepgrep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop"3⤵PID:2550
-
/usr/bin/grepgrep -l "x-scheme-handler/http;" /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop 
/usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop 
/usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop 
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop3⤵
- Reads runtime system information
PID:2552 -
/usr/bin/grepgrep -q "%s"2⤵PID:2554
-
/usr/bin/x-www-browserx-www-browser http://Blocky.games2⤵PID:2555
-
/usr/bin/xdg-settingsxdg-settings get default-web-browser3⤵PID:2556
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager4⤵PID:2557
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE4⤵PID:2562
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"4⤵
- Reads runtime system information
PID:2563 -
/usr/bin/xpropxprop -root4⤵PID:2564
-
/usr/bin/grepgrep -i "^xfce_desktop_window"4⤵PID:2565
-
/usr/bin/grepgrep -q "^Enlightenment"4⤵
- Reads runtime system information
PID:2567 -
/usr/bin/unameuname4⤵PID:2568
-
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/http4⤵PID:2569
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager5⤵PID:2570
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE5⤵PID:2575
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"5⤵
- Reads runtime system information
PID:2576 -
/usr/bin/xpropxprop -root5⤵PID:2577
-
/usr/bin/grepgrep -i "^xfce_desktop_window"5⤵
- Reads runtime system information
PID:2578 -
/usr/bin/grepgrep -q "^Enlightenment"5⤵
- Reads runtime system information
PID:2580 -
/usr/bin/unameuname5⤵PID:2581
-
/usr/bin/sedsed "s/:/ /g"5⤵PID:2584
-
/usr/bin/grepgrep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache5⤵PID:2586
-
/usr/bin/headhead -n 15⤵PID:2587
-
/usr/bin/cutcut -d "=" -f 25⤵PID:2588
-
/usr/bin/cutcut -d ";" -f 15⤵PID:2589
-
/usr/bin/grepgrep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache5⤵
- Reads runtime system information
PID:2591 -
/usr/bin/headhead -n 15⤵PID:2592
-
/usr/bin/cutcut -d "=" -f 25⤵PID:2593
-
/usr/bin/cutcut -d ";" -f 15⤵PID:2594
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache5⤵
- Reads runtime system information
PID:2596 -
/usr/bin/headhead -n 15⤵PID:2597
-
/usr/bin/cutcut -d "=" -f 25⤵PID:2598
-
/usr/bin/cutcut -d ";" -f 15⤵PID:2599
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache5⤵
- Reads runtime system information
PID:2601 -
/usr/bin/headhead -n 15⤵PID:2602
-
/usr/bin/cutcut -d "=" -f 25⤵PID:2603
-
/usr/bin/cutcut -d ";" -f 15⤵PID:2604
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache5⤵
- Reads runtime system information
PID:2606 -
/usr/bin/headhead -n 15⤵PID:2607
-
/usr/bin/cutcut -d "=" -f 25⤵PID:2608
-
/usr/bin/cutcut -d ";" -f 15⤵PID:2609
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache5⤵PID:2611
-
/usr/bin/headhead -n 15⤵PID:2612
-
/usr/bin/cutcut -d "=" -f 25⤵PID:2613
-
/usr/bin/cutcut -d ";" -f 15⤵PID:2614
-
/usr/bin/sedsed "s/:/ /g"5⤵
- Reads runtime system information
PID:2617 -
/usr/bin/grepgrep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"5⤵
- Reads runtime system information
PID:2619 -
/usr/bin/grepgrep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop"5⤵PID:2621
-
/usr/bin/grepgrep -l "x-scheme-handler/http;" /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop 
/usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop 
/usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop 
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop (depth 5)
  - Reads runtime system information
  - PID: 2623
- /usr/bin/gsettings (depth 3): gsettings get org.gnome.shell favorite-apps
  - PID: 2624
- /usr/bin/grep (depth 3): grep -q "'firefox.desktop'"
  - Reads runtime system information
  - PID: 2629
- /usr/bin/gsettings (depth 3): gsettings get com.canonical.Unity.Launcher favorites
  - Reads runtime system information
  - PID: 2630
- /usr/bin/grep (depth 3): grep -q "'application://firefox.desktop'"
  - PID: 2632
- /usr/bin/gsettings (depth 3): gsettings get org.mate.panel object-id-list
  - Reads runtime system information
  - PID: 2633
- /usr/bin/which (depth 3): which qdbus
  - PID: 2634
- /snap/bin/firefox (depth 2): /snap/bin/firefox http://Blocky.games
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  - PID: 2555
- /usr/lib/snapd/snap-seccomp (depth 3): /usr/lib/snapd/snap-seccomp version-info
  - Enumerates kernel/hardware configuration
  - PID: 2638
- /usr/lib/snapd/snap-confine (depth 2): /usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox http://Blocky.games
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  - PID: 2555
- /usr/bin/grep (depth 2): grep -q "%s"
  - PID: 2651
- /usr/bin/firefox (depth 2): firefox http://Blocky.games
  - PID: 2652
- /usr/bin/xdg-settings (depth 3): xdg-settings get default-web-browser
  - PID: 2653
- /usr/bin/dbus-send (depth 4): dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
  - PID: 2654
- /usr/bin/xprop (depth 4): xprop -root _DT_SAVE_MODE
  - PID: 2659
- /usr/bin/grep (depth 4): grep " = \\\"xfce4\\\"\$"
  - Reads runtime system information
  - PID: 2660
- /usr/bin/xprop (depth 4): xprop -root
  - PID: 2661
- /usr/bin/grep (depth 4): grep -i "^xfce_desktop_window"
  - Reads runtime system information
  - PID: 2662
- /usr/bin/grep (depth 4): grep -q "^Enlightenment"
  - PID: 2664
- /usr/bin/uname (depth 4): uname
  - PID: 2665
- /usr/bin/xdg-mime (depth 4): xdg-mime query default x-scheme-handler/http
  - PID: 2666
- /usr/bin/dbus-send (depth 5): dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
  - PID: 2667
- /usr/bin/xprop (depth 5): xprop -root _DT_SAVE_MODE
  - PID: 2672
- /usr/bin/grep (depth 5): grep " = \\\"xfce4\\\"\$"
  - PID: 2673
- /usr/bin/xprop (depth 5): xprop -root
  - PID: 2674
- /usr/bin/grep (depth 5): grep -i "^xfce_desktop_window"
  - Reads runtime system information
  - PID: 2675
- /usr/bin/grep (depth 5): grep -q "^Enlightenment"
  - Reads runtime system information
  - PID: 2677
- /usr/bin/uname (depth 5): uname
  - PID: 2678
- /usr/bin/sed (depth 5): sed "s/:/ /g"
  - Reads runtime system information
  - PID: 2681
- /usr/bin/grep (depth 5): grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
  - PID: 2683
- /usr/bin/head (depth 5): head -n 1
  - PID: 2684
- /usr/bin/cut (depth 5): cut -d "=" -f 2
  - PID: 2685
- /usr/bin/cut (depth 5): cut -d ";" -f 1
  - PID: 2686
- /usr/bin/grep (depth 5): grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
  - Reads runtime system information
  - PID: 2688
- /usr/bin/head (depth 5): head -n 1
  - PID: 2689
- /usr/bin/cut (depth 5): cut -d "=" -f 2
  - PID: 2690
- /usr/bin/cut (depth 5): cut -d ";" -f 1
  - PID: 2691
- /usr/bin/grep (depth 5): grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
  - Reads runtime system information
  - PID: 2693
- /usr/bin/head (depth 5): head -n 1
  - PID: 2694
- /usr/bin/cut (depth 5): cut -d "=" -f 2
  - PID: 2695
- /usr/bin/cut (depth 5): cut -d ";" -f 1
  - PID: 2696
- /usr/bin/grep (depth 5): grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
  - PID: 2698
- /usr/bin/head (depth 5): head -n 1
  - PID: 2699
- /usr/bin/cut (depth 5): cut -d "=" -f 2
  - PID: 2700
- /usr/bin/cut (depth 5): cut -d ";" -f 1
  - PID: 2701
- /usr/bin/grep (depth 5): grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
  - Reads runtime system information
  - PID: 2703
- /usr/bin/head (depth 5): head -n 1
  - PID: 2704
- /usr/bin/cut (depth 5): cut -d "=" -f 2
  - PID: 2705
- /usr/bin/cut (depth 5): cut -d ";" -f 1
  - PID: 2706
- /usr/bin/grep (depth 5): grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
  - Reads runtime system information
  - PID: 2708
- /usr/bin/head (depth 5): head -n 1
  - PID: 2709
- /usr/bin/cut (depth 5): cut -d "=" -f 2
  - PID: 2710
- /usr/bin/cut (depth 5): cut -d ";" -f 1
  - PID: 2711
- /usr/bin/sed (depth 5): sed "s/:/ /g"
  - Reads runtime system information
  - PID: 2714
- /usr/bin/grep (depth 5): grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"
  - Reads runtime system information
  - PID: 2716
- /usr/bin/grep (depth 5): grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop"
  - Reads runtime system information
  - PID: 2718
- /usr/bin/grep (depth 5): grep -l "x-scheme-handler/http;" /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop
  /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop
  /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop
  /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop
  - PID: 2720
- /usr/bin/gsettings (depth 3): gsettings get org.gnome.shell favorite-apps
  - Reads runtime system information
  - PID: 2721
- /usr/bin/grep (depth 3): grep -q "'firefox.desktop'"
  - Reads runtime system information
  - PID: 2726
- /usr/bin/gsettings (depth 3): gsettings get com.canonical.Unity.Launcher favorites
  - Reads runtime system information
  - PID: 2727
- /usr/bin/grep (depth 3): grep -q "'application://firefox.desktop'"
  - Reads runtime system information
  - PID: 2729
- /usr/bin/gsettings (depth 3): gsettings get org.mate.panel object-id-list
  - Reads runtime system information
  - PID: 2730
- /usr/bin/which (depth 3): which qdbus
  - PID: 2731
- /snap/bin/firefox (depth 2): /snap/bin/firefox http://Blocky.games
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  - PID: 2652
- /usr/lib/snapd/snap-seccomp (depth 3): /usr/lib/snapd/snap-seccomp version-info
  - Enumerates kernel/hardware configuration
  - PID: 2736
- /usr/lib/snapd/snap-confine (depth 2): /usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox http://Blocky.games
  - PID: 2734
Network
MITRE ATT&CK Enterprise v15
Downloads
- /run/snapd/ns/snap.firefox.fstab
  - Filesize: 40B
  - MD5: 65408163d77c5bbcc5b17dc2e313c93e
  - SHA1: b8891c89ce55f6c1bbe476fd4912a7af296ce79a
  - SHA256: d86e32b299b19c1c03a025d8d5ed026cdf923fc9a1015439cde134b3d13d1fff
  - SHA512: 394e2394e44e38210817f5f02779f7b8253c3ff1b4aa816bce7a0b95e40f47094d01cb43ec5e7ec593404f5ddf6fc49bb4175eece231a3cee7c5295e0d9349a7