Analysis
max time kernel: 20s
max time network: 640s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 30-08-2024 22:12
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe
  Resource: win11-20240802-en
Behavioral task: behavioral2
  Sample: http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe
  Resource: ubuntu2404-amd64-20240523-en
General
Target: http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe
Malware Config
Signatures
Changes its process name 64 IoCs
Changes the process name, possibly in an attempt to hide itself.
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information, which indicates whether the system is a virtual machine.
File opened for reading: /proc/cpuinfo (process: firefox)
Reads CPU attributes 1 TTPs 12 IoCs
File opened for reading: /sys/devices/system/cpu/cpu0/cache/index3/size (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/cpu0/cache/index2/size (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/present (process: firefox)
File opened for reading: /sys/devices/system/cpu/cpu0/cpu_capacity (process: glxtest)
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
File opened for modification: /tmp/firefox/.parentlock (process: firefox)
File opened for modification: /tmp/mozilla-temp-713443461 (process: firefox)
Processes
1⤵ PID:2459 [/usr/bin/xdg-open] xdg-open http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe
  2⤵ PID:2460 [/usr/bin/dbus-send] dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
    3⤵ PID:2462 [/usr/bin/dbus-launch] dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
      4⤵ PID:2464 [/usr/bin/dbus-daemon] /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
        - Enumerates kernel/hardware configuration
        - Reads runtime system information
  2⤵ PID:2467 [/usr/bin/xprop] xprop -root _DT_SAVE_MODE
  2⤵ PID:2468 [/usr/bin/grep] grep " = \\\"xfce4\\\"\$"
  2⤵ PID:2469 [/usr/bin/xprop] xprop -root
  2⤵ PID:2470 [/usr/bin/grep] grep -i "^xfce_desktop_window"
  2⤵ PID:2472 [/usr/bin/grep] grep -q "^Enlightenment"
    - Reads runtime system information
  2⤵ PID:2473 [/usr/bin/uname] uname
  2⤵ PID:2475 [/usr/bin/grep] grep -q "^file://"
    - Reads runtime system information
  2⤵ PID:2477 [/usr/bin/egrep] egrep -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2477 [/usr/local/sbin/grep] grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2477 [/usr/local/bin/grep] grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2477 [/usr/sbin/grep] grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2477 [/usr/bin/grep] grep -E -q "^[[:alpha:]+\\.\\-]+:"
    - Reads runtime system information
  2⤵ PID:2480 [/usr/bin/sed] sed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"
    - Reads runtime system information
  2⤵ PID:2481 [/usr/bin/xdg-mime] xdg-mime query default x-scheme-handler/http
    3⤵ PID:2482 [/usr/bin/dbus-send] dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
      4⤵ PID:2483 [/usr/bin/dbus-launch] dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
    3⤵ PID:2484 [/usr/bin/xprop] xprop -root _DT_SAVE_MODE
    3⤵ PID:2485 [/usr/bin/grep] grep " = \\\"xfce4\\\"\$"
      - Reads runtime system information
    3⤵ PID:2486 [/usr/bin/xprop] xprop -root
    3⤵ PID:2487 [/usr/bin/grep] grep -i "^xfce_desktop_window"
    3⤵ PID:2489 [/usr/bin/grep] grep -q "^Enlightenment"
    3⤵ PID:2490 [/usr/bin/uname] uname
    3⤵ PID:2493 [/usr/bin/sed] sed "s/:/ /g"
    3⤵ PID:2495 [/usr/bin/grep] grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
    3⤵ PID:2496 [/usr/bin/head] head -n 1
    3⤵ PID:2497 [/usr/bin/cut] cut -d "=" -f 2
    3⤵ PID:2498 [/usr/bin/cut] cut -d ";" -f 1
    3⤵ PID:2500 [/usr/bin/grep] grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
    3⤵ PID:2501 [/usr/bin/head] head -n 1
    3⤵ PID:2502 [/usr/bin/cut] cut -d "=" -f 2
    3⤵ PID:2503 [/usr/bin/cut] cut -d ";" -f 1
    3⤵ PID:2505 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
    3⤵ PID:2506 [/usr/bin/head] head -n 1
    3⤵ PID:2507 [/usr/bin/cut] cut -d "=" -f 2
    3⤵ PID:2508 [/usr/bin/cut] cut -d ";" -f 1
    3⤵ PID:2510 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
    3⤵ PID:2511 [/usr/bin/head] head -n 1
    3⤵ PID:2512 [/usr/bin/cut] cut -d "=" -f 2
    3⤵ PID:2513 [/usr/bin/cut] cut -d ";" -f 1
    3⤵ PID:2515 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
      - Reads runtime system information
    3⤵ PID:2516 [/usr/bin/head] head -n 1
    3⤵ PID:2517 [/usr/bin/cut] cut -d "=" -f 2
    3⤵ PID:2518 [/usr/bin/cut] cut -d ";" -f 1
    3⤵ PID:2520 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
    3⤵ PID:2521 [/usr/bin/head] head -n 1
    3⤵ PID:2522 [/usr/bin/cut] cut -d "=" -f 2
    3⤵ PID:2523 [/usr/bin/cut] cut -d ";" -f 1
    3⤵ PID:2526 [/usr/bin/sed] sed "s/:/ /g"
      - Reads runtime system information
    3⤵ PID:2528 [/usr/bin/grep] grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"
    3⤵ PID:2530 [/usr/bin/grep] grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop"
  2⤵ PID:2534 [/usr/bin/grep] grep -q "%s"
  2⤵ PID:2535 [/usr/bin/x-www-browser] x-www-browser http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe
    3⤵ PID:2536 [/usr/bin/xdg-settings] xdg-settings get default-web-browser
      4⤵ PID:2537 [/usr/bin/dbus-send] dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
        - Reads runtime system information
        5⤵ PID:2538 [/usr/bin/dbus-launch] dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
      4⤵ PID:2539 [/usr/bin/xprop] xprop -root _DT_SAVE_MODE
      4⤵ PID:2540 [/usr/bin/grep] grep " = \\\"xfce4\\\"\$"
      4⤵ PID:2541 [/usr/bin/xprop] xprop -root
      4⤵ PID:2542 [/usr/bin/grep] grep -i "^xfce_desktop_window"
      4⤵ PID:2544 [/usr/bin/grep] grep -q "^Enlightenment"
      4⤵ PID:2545 [/usr/bin/uname] uname
      4⤵ PID:2546 [/usr/bin/xdg-mime] xdg-mime query default x-scheme-handler/http
        5⤵ PID:2547 [/usr/bin/dbus-send] dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
          - Reads runtime system information
          6⤵ PID:2548 [/usr/bin/dbus-launch] dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
        5⤵ PID:2549 [/usr/bin/xprop] xprop -root _DT_SAVE_MODE
        5⤵ PID:2550 [/usr/bin/grep] grep " = \\\"xfce4\\\"\$"
        5⤵ PID:2551 [/usr/bin/xprop] xprop -root
        5⤵ PID:2552 [/usr/bin/grep] grep -i "^xfce_desktop_window"
        5⤵ PID:2555 [/usr/bin/grep] grep -q "^Enlightenment"
          - Reads runtime system information
        5⤵ PID:2556 [/usr/bin/uname] uname
        5⤵ PID:2561 [/usr/bin/sed] sed "s/:/ /g"
        5⤵ PID:2563 [/usr/bin/grep] grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
          - Reads runtime system information
        5⤵ PID:2564 [/usr/bin/head] head -n 1
        5⤵ PID:2565 [/usr/bin/cut] cut -d "=" -f 2
        5⤵ PID:2566 [/usr/bin/cut] cut -d ";" -f 1
        5⤵ PID:2568 [/usr/bin/grep] grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
          - Reads runtime system information
        5⤵ PID:2569 [/usr/bin/head] head -n 1
        5⤵ PID:2570 [/usr/bin/cut] cut -d "=" -f 2
        5⤵ PID:2571 [/usr/bin/cut] cut -d ";" -f 1
        5⤵ PID:2574 [/usr/bin/head] head -n 1
        5⤵ PID:2575 [/usr/bin/cut] cut -d "=" -f 2
        5⤵ PID:2573 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
        5⤵ PID:2576 [/usr/bin/cut] cut -d ";" -f 1
        5⤵ PID:2578 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
          - Reads runtime system information
        5⤵ PID:2579 [/usr/bin/head] head -n 1
        5⤵ PID:2580 [/usr/bin/cut] cut -d "=" -f 2
        5⤵ PID:2581 [/usr/bin/cut] cut -d ";" -f 1
        5⤵ PID:2583 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
        5⤵ PID:2584 [/usr/bin/head] head -n 1
        5⤵ PID:2585 [/usr/bin/cut] cut -d "=" -f 2
        5⤵ PID:2586 [/usr/bin/cut] cut -d ";" -f 1
        5⤵ PID:2588 [/usr/bin/grep] grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
        5⤵ PID:2589 [/usr/bin/head] head -n 1
        5⤵ PID:2590 [/usr/bin/cut] cut -d "=" -f 2
        5⤵ PID:2591 [/usr/bin/cut] cut -d ";" -f 1
        5⤵ PID:2594 [/usr/bin/sed] sed "s/:/ /g"
          - Reads runtime system information
        5⤵ PID:2596 [/usr/bin/grep] grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"
          - Reads runtime system information
        5⤵ PID:2598 [/usr/bin/grep] grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop"
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop5⤵PID:2600
-
-
-
-
/usr/bin/gsettingsgsettings get org.gnome.shell favorite-apps3⤵PID:2601
-
-
/usr/bin/grepgrep -q "'firefox.desktop'"3⤵PID:2606
-
-
/usr/bin/gsettingsgsettings get com.canonical.Unity.Launcher favorites3⤵PID:2607
-
-
/usr/bin/grepgrep -q "'application://firefox.desktop'"3⤵PID:2609
-
-
/usr/bin/gsettingsgsettings get org.mate.panel object-id-list3⤵PID:2610
-
-
/usr/bin/whichwhich qdbus3⤵PID:2611
-
-
-
/snap/bin/firefox/snap/bin/firefox http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2535 -
/usr/lib/snapd/snap-seccomp/usr/lib/snapd/snap-seccomp version-info3⤵
- Enumerates kernel/hardware configuration
PID:2615
-
-
-
/usr/lib/snapd/snap-confine/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2535
-
-
/usr/lib/snapd/snap-exec/usr/lib/snapd/snap-exec firefox http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe2⤵
- Reads runtime system information
PID:2535
-
-
/snap/firefox/4259/snap/command-chain/desktop-launch/snap/firefox/4259/snap/command-chain/desktop-launch /snap/firefox/4259/firefox.launcher http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe2⤵PID:2535
-
/usr/bin/datedate "+%s.%N"3⤵PID:2629
-
-
/usr/bin/chmodchmod 700 /root/snap/firefox/4259/.config3⤵PID:2630
-
-
/usr/bin/md5summd5sum3⤵PID:2632
-
-
/usr/bin/catcat /root/snap/firefox/4259/.config/user-dirs.dirs.md5sum3⤵PID:2633
-
-
/usr/bin/md5summd5sum3⤵PID:2635
-
-
/usr/bin/catcat /root/snap/firefox/4259/.config/user-dirs.locale.md5sum3⤵PID:2636
-
-
/usr/bin/grepgrep -qs "^\\s*confinement:\\s*classic\\s*" /snap/firefox/4259/meta/snap.yaml3⤵PID:2637
-
-
/usr/bin/snapctlsnapctl is-connected gnome-42-22043⤵
- Enumerates kernel/hardware configuration
PID:2638
-
-
/usr/bin/snapctlsnapctl is-connected gsettings3⤵PID:2641
-
-
/usr/bin/mkdirmkdir -p /run/user/0/snap.firefox -m 7003⤵
- Reads runtime system information
PID:2644
-
-
/usr/bin/realpathrealpath /root/snap/firefox/4259/.config3⤵PID:2645
-
-
/usr/bin/realpathrealpath /root/snap/firefox/common3⤵PID:2646
-
-
/usr/bin/mkdirmkdir -p /run/user/0/snap.firefox/dconf3⤵PID:2647
-
-
/usr/bin/lnln -sf ../../dconf/user /run/user/0/snap.firefox/dconf/user3⤵PID:2648
-
-
/usr/bin/rmrm -rf /root/snap/firefox/4259/.config/ibus/bus3⤵PID:2649
-
-
/usr/bin/lnln -sfn /root/.config/ibus/bus /root/snap/firefox/4259/.config/ibus3⤵PID:2650
-
-
-
/snap/firefox/4259/firefox.launcher/snap/firefox/4259/firefox.launcher http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe2⤵PID:2535
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox http://www.mediafire.com/file/nix36lf9t48w2i4/setup_undertale_2.0.0.2.exe2⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:2535 -
/usr/bin/snapctl/usr/bin/snapctl is-connected3⤵
- Enumerates kernel/hardware configuration
PID:2653
-
-
/usr/bin/snapctl/usr/bin/snapctl is-connected gsettings3⤵PID:2656
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2661
-
-
/snap/firefox/4259/usr/lib/firefox/glxtest/snap/firefox/4259/usr/lib/firefox/glxtest -f 123⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
PID:2663
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -prefsLen 20605 -prefMapSize 239489 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{0ee6d978-b4be-4eac-8e27-62eecc1052d0}" 2535 true socket3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2718
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2729
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2741
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2752
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2755
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 23762 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{2adb8fc3-495f-4b58-8c93-114a93e7b6a7}" 2535 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2761
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 23436 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{37874d0d-9155-4731-a25d-7066ab6e363a}" 2535 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
PID:2773
-
-
/snap/firefox/4259/usr/sbin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/snap/firefox/4259/usr/bin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/snap/firefox/4259/sbin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/snap/firefox/4259/bin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/usr/local/sbin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/usr/local/bin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/usr/sbin/xdg-settingsxdg-settings3⤵PID:2812
-
-
/usr/bin/xdg-settingsxdg-settings check default-web-browser firefox.desktop3⤵PID:2812
-
/usr/bin/dbus-senddbus-send "--print-reply=literal" --session "--dest=io.snapcraft.Settings" /io/snapcraft/Settings io.snapcraft.Settings.Check string:default-web-browser string:firefox.desktop4⤵PID:2813
-
/usr/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/usr/local/sbin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/usr/local/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/usr/sbin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/usr/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/sbin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/usr/games/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/usr/local/games/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr5⤵PID:2815
-
-
-
/usr/bin/cutcut -b4-4⤵PID:2814
-
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 23785 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{3e607a14-0f7c-495d-8790-31592d69a4c3}" 2535 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2816
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2819
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 29782 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{53eabdc8-bcdc-4ae0-9c25-cd447d6559db}" 2535 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
PID:2830
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -sandboxingKind 0 -prefsLen 30728 -prefMapSize 239489 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{8ec7c394-0bde-4121-a9a3-e8d2bbcf1443}" 2535 true utility3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2889
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -prefsLen 30728 -prefMapSize 239489 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{de56749e-f78e-4a06-a43d-55a32229810a}" 2535 true rdd3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2900
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads