Analysis
max time kernel: 88s
max time network: 152s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 21/10/2024, 14:09
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Reads AppArmor ptrace settings 1 TTPs 1 IoCs
Discovery of allowed ptrace capabilities by AppArmor.
description | ioc | Process
File opened for reading | /sys/kernel/security/apparmor/features/ptrace | firefox
Changes its process name 64 IoCs
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information that indicates whether the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | firefox
Reads CPU attributes 1 TTPs 13 IoCs
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/firefox/.parentlock | firefox
Processes
- /usr/bin/xdg-open: xdg-open https://soundcloud.com/theburns-sc (PID:2817)
  - /usr/bin/dbus-send: dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager (PID:2818)
    - /usr/bin/dbus-launch: dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr (PID:2820)
      - /usr/bin/dbus-daemon: /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session (PID:2822) [Reads runtime system information]
  - /usr/bin/xprop: xprop -root _DT_SAVE_MODE (PID:2825)
  - /usr/bin/grep: grep " = \\\"xfce4\\\"\$" (PID:2826)
  - /usr/bin/xprop: xprop -root (PID:2827)
  - /usr/bin/grep: grep -i "^xfce_desktop_window" (PID:2828)
  - /usr/bin/grep: grep -q "^Enlightenment" (PID:2830)
  - /usr/bin/uname: uname (PID:2831)
  - /usr/bin/grep: grep -q "^file://" (PID:2833)
  - /usr/bin/egrep: egrep -q "^[[:alpha:]+\\.\\-]+:" (PID:2835)
  - /usr/local/sbin/grep: grep -E -q "^[[:alpha:]+\\.\\-]+:" (PID:2835)
  - /usr/local/bin/grep: grep -E -q "^[[:alpha:]+\\.\\-]+:" (PID:2835)
  - /usr/sbin/grep: grep -E -q "^[[:alpha:]+\\.\\-]+:" (PID:2835)
  - /usr/bin/grep: grep -E -q "^[[:alpha:]+\\.\\-]+:" (PID:2835)
  - /usr/bin/sed: sed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p" (PID:2838)
  - /usr/bin/xdg-mime: xdg-mime query default x-scheme-handler/https (PID:2839)
    - /usr/bin/dbus-send: dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager (PID:2840)
      - /usr/bin/dbus-launch: dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr (PID:2841)
    - /usr/bin/xprop: xprop -root _DT_SAVE_MODE (PID:2842)
    - /usr/bin/grep: grep " = \\\"xfce4\\\"\$" (PID:2843) [Reads runtime system information]
    - /usr/bin/xprop: xprop -root (PID:2844)
    - /usr/bin/grep: grep -i "^xfce_desktop_window" (PID:2845)
    - /usr/bin/grep: grep -q "^Enlightenment" (PID:2847)
    - /usr/bin/uname: uname (PID:2848)
    - /usr/bin/sed: sed "s/:/ /g" (PID:2851) [Reads runtime system information]
    - /usr/bin/grep: grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache (PID:2853)
    - /usr/bin/head: head -n 1 (PID:2854)
    - /usr/bin/cut: cut -d "=" -f 2 (PID:2855)
    - /usr/bin/cut: cut -d ";" -f 1 (PID:2856)
    - /usr/bin/grep: grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache (PID:2858) [Reads runtime system information]
    - /usr/bin/head: head -n 1 (PID:2859)
    - /usr/bin/cut: cut -d "=" -f 2 (PID:2860)
    - /usr/bin/cut: cut -d ";" -f 1 (PID:2861)
    - /usr/bin/grep: grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache (PID:2863)
    - /usr/bin/head: head -n 1 (PID:2864)
    - /usr/bin/cut: cut -d "=" -f 2 (PID:2865)
    - /usr/bin/cut: cut -d ";" -f 1 (PID:2866)
    - /usr/bin/grep: grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache (PID:2868) [Reads runtime system information]
    - /usr/bin/head: head -n 1 (PID:2869)
    - /usr/bin/cut: cut -d "=" -f 2 (PID:2870)
    - /usr/bin/cut: cut -d ";" -f 1 (PID:2871)
    - /usr/bin/grep: grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache (PID:2873)
    - /usr/bin/head: head -n 1 (PID:2874)
    - /usr/bin/cut: cut -d "=" -f 2 (PID:2875)
    - /usr/bin/cut: cut -d ";" -f 1 (PID:2876)
    - /usr/bin/grep: grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache (PID:2878)
    - /usr/bin/head: head -n 1 (PID:2879)
    - /usr/bin/cut: cut -d "=" -f 2 (PID:2880)
    - /usr/bin/cut: cut -d ";" -f 1 (PID:2881)
    - /usr/bin/sed: sed "s/:/ /g" (PID:2885)
    - /usr/bin/grep: grep -l "x-scheme-handler/https;" "/.local/share/applications/*.desktop" (PID:2887) [Reads runtime system information]
    - /usr/bin/grep: grep -l "x-scheme-handler/https;" "/usr/local/share//applications/*.desktop" (PID:2889) [Reads runtime system information]
  - /usr/bin/grep: grep -q "%s" (PID:2895)
  - /usr/bin/x-www-browser: x-www-browser https://soundcloud.com/theburns-sc (PID:2896)
    - /usr/bin/xdg-settings: xdg-settings get default-web-browser (PID:2897)
      - /usr/bin/dbus-send: dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager (PID:2898)
        - /usr/bin/dbus-launch: dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr (PID:2899)
      - /usr/bin/xprop: xprop -root _DT_SAVE_MODE (PID:2900)
      - /usr/bin/grep: grep " = \\\"xfce4\\\"\$" (PID:2901) [Reads runtime system information]
      - /usr/bin/xprop: xprop -root (PID:2902)
      - /usr/bin/grep: grep -i "^xfce_desktop_window" (PID:2903)
      - /usr/bin/grep: grep -q "^Enlightenment" (PID:2905)
      - /usr/bin/uname: uname (PID:2906)
      - /usr/bin/xdg-mime: xdg-mime query default x-scheme-handler/http (PID:2907)
        - /usr/bin/dbus-send: dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager (PID:2908)
          - /usr/bin/dbus-launch: dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr (PID:2909)
        - /usr/bin/xprop: xprop -root _DT_SAVE_MODE (PID:2910)
        - /usr/bin/grep: grep " = \\\"xfce4\\\"\$" (PID:2911) [Reads runtime system information]
        - /usr/bin/grep: grep -i "^xfce_desktop_window" (PID:2913) [Reads runtime system information]
        - /usr/bin/xprop: xprop -root (PID:2912)
        - /usr/bin/grep: grep -q "^Enlightenment" (PID:2915)
        - /usr/bin/uname: uname (PID:2916)
        - /usr/bin/sed: sed "s/:/ /g" (PID:2919) [Reads runtime system information]
        - /usr/bin/head: head -n 1 (PID:2922)
        - /usr/bin/grep: grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache (PID:2921) [Reads runtime system information]
        - /usr/bin/cut: cut -d "=" -f 2 (PID:2923)
        - /usr/bin/cut: cut -d ";" -f 1 (PID:2924)
        - /usr/bin/grep: grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache (PID:2926) [Reads runtime system information]
        - /usr/bin/head: head -n 1 (PID:2927)
        - /usr/bin/cut: cut -d "=" -f 2 (PID:2928)
        - /usr/bin/cut: cut -d ";" -f 1 (PID:2929)
        - /usr/bin/grep: grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache (PID:2931) [Reads runtime system information]
        - /usr/bin/head: head -n 1 (PID:2932)
        - /usr/bin/cut: cut -d "=" -f 2 (PID:2933)
        - /usr/bin/cut: cut -d ";" -f 1 (PID:2934)
        - /usr/bin/grep: grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache (PID:2936)
        - /usr/bin/head: head -n 1 (PID:2937)
        - /usr/bin/cut: cut -d "=" -f 2 (PID:2938)
        - /usr/bin/cut: cut -d ";" -f 1 (PID:2939)
        - /usr/bin/grep: grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache (PID:2941)
        - /usr/bin/head: head -n 1 (PID:2942)
        - /usr/bin/cut: cut -d "=" -f 2 (PID:2943)
        - /usr/bin/cut: cut -d ";" -f 1 (PID:2944)
        - /usr/bin/grep: grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache (PID:2946)
        - /usr/bin/head: head -n 1 (PID:2947)
        - /usr/bin/cut: cut -d "=" -f 2 (PID:2948)
        - /usr/bin/cut: cut -d ";" -f 1 (PID:2949)
        - /usr/bin/sed: sed "s/:/ /g" (PID:2952)
        - /usr/bin/grep: grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop" (PID:2954) [Reads runtime system information]
        - /usr/bin/grep: grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop" (PID:2956)
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop5⤵PID:2958
-
-
-
-
/usr/bin/gsettingsgsettings get org.gnome.shell favorite-apps3⤵
- Changes its process name
- Reads runtime system information
PID:2959
-
-
/usr/bin/grepgrep -q "'firefox.desktop'"3⤵PID:2964
-
-
/usr/bin/gsettingsgsettings get com.canonical.Unity.Launcher favorites3⤵
- Reads runtime system information
PID:2965
-
-
/usr/bin/grepgrep -q "'application://firefox.desktop'"3⤵
- Reads runtime system information
PID:2967
-
-
/usr/bin/gsettingsgsettings get org.mate.panel object-id-list3⤵
- Reads runtime system information
PID:2968
-
-
/usr/bin/whichwhich qdbus3⤵PID:2969
-
-
-
/snap/bin/firefox/snap/bin/firefox https://soundcloud.com/theburns-sc2⤵
- Reads AppArmor ptrace settings
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2896 -
/usr/lib/snapd/snap-seccomp/usr/lib/snapd/snap-seccomp version-info3⤵PID:2974
-
-
-
/usr/lib/snapd/snap-confine/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://soundcloud.com/theburns-sc2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2896
-
-
/usr/lib/snapd/snap-exec/usr/lib/snapd/snap-exec firefox https://soundcloud.com/theburns-sc2⤵
- Reads runtime system information
PID:2896
-
-
/snap/firefox/4259/snap/command-chain/desktop-launch/snap/firefox/4259/snap/command-chain/desktop-launch /snap/firefox/4259/firefox.launcher https://soundcloud.com/theburns-sc2⤵PID:2896
-
/usr/bin/datedate "+%s.%N"3⤵PID:2989
-
-
/usr/bin/chmodchmod 700 /root/snap/firefox/4259/.config3⤵PID:2990
-
-
/usr/bin/md5summd5sum3⤵PID:2992
-
-
/usr/bin/catcat /root/snap/firefox/4259/.config/user-dirs.dirs.md5sum3⤵PID:2993
-
-
/usr/bin/md5summd5sum3⤵PID:2995
-
-
/usr/bin/catcat /root/snap/firefox/4259/.config/user-dirs.locale.md5sum3⤵PID:2996
-
-
/usr/bin/grepgrep -qs "^\\s*confinement:\\s*classic\\s*" /snap/firefox/4259/meta/snap.yaml3⤵
- Reads runtime system information
PID:2997
-
-
/usr/bin/snapctlsnapctl is-connected gnome-42-22043⤵PID:2998
-
-
/usr/bin/snapctlsnapctl is-connected gsettings3⤵PID:3001
-
-
/usr/bin/mkdirmkdir -p /run/user/0/snap.firefox -m 7003⤵
- Reads runtime system information
PID:3004
-
-
/usr/bin/realpathrealpath /root/snap/firefox/4259/.config3⤵PID:3005
-
-
/usr/bin/realpathrealpath /root/snap/firefox/common3⤵PID:3006
-
-
/usr/bin/mkdirmkdir -p /run/user/0/snap.firefox/dconf3⤵
- Reads runtime system information
PID:3007
-
-
/usr/bin/lnln -sf ../../dconf/user /run/user/0/snap.firefox/dconf/user3⤵PID:3008
-
-
/usr/bin/rmrm -rf /root/snap/firefox/4259/.config/ibus/bus3⤵PID:3009
-
-
/usr/bin/lnln -sfn /root/.config/ibus/bus /root/snap/firefox/4259/.config/ibus3⤵PID:3010
-
-
-
/snap/firefox/4259/firefox.launcher/snap/firefox/4259/firefox.launcher https://soundcloud.com/theburns-sc2⤵PID:2896
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox https://soundcloud.com/theburns-sc2⤵
- Changes its process name
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:2896 -
/usr/bin/snapctl/usr/bin/snapctl is-connected3⤵PID:3013
-
-
/usr/bin/snapctl/usr/bin/snapctl is-connected gsettings3⤵PID:3017
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3022
-
-
/snap/firefox/4259/usr/lib/firefox/glxtest/snap/firefox/4259/usr/lib/firefox/glxtest -f 123⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:3024
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -prefsLen 20605 -prefMapSize 239489 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{c942af3e-b8af-44e2-abb0-9b5590e70749}" 2896 true socket3⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:3055
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3066
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3118
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3128
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3133
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 23219 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{5cae0c2b-6af3-4646-91d6-ab2d69e22e31}" 2896 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:3141
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:3171
-
-
/snap/firefox/4259/usr/sbin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/snap/firefox/4259/usr/bin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/snap/firefox/4259/sbin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/snap/firefox/4259/bin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/usr/local/sbin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/usr/local/bin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/usr/sbin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/usr/bin/xdg-settingsxdg-settings3⤵PID:3185
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 23613 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{e3ec9da3-0a15-4a4f-8cab-3df383c93ae4}" 2896 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
PID:3186
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 29272 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{b0f9852f-53ef-424f-99ba-fec45229817d}" 2896 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
PID:3235
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 30098 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{2ca208c7-f32d-429d-a738-66924f1b3ef6}" 2896 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
PID:3316
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -sandboxingKind 0 -prefsLen 30750 -prefMapSize 239489 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{ecba8aca-2716-44ac-9704-fd956fa9c3dd}" 2896 true utility3⤵
- Reads CPU attributes
PID:3357
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -prefsLen 30750 -prefMapSize 239489 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{34da50a5-e220-4db6-9213-303fc0fb5153}" 2896 true rdd3⤵
- Reads CPU attributes
- Reads runtime system information
PID:3356
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 29256 -prefMapSize 239489 -jsInitLen 231800 -parentBuildID 20240510023632 -greomni /snap/firefox/4259/usr/lib/firefox/omni.ja -appomni /snap/firefox/4259/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/4259/usr/lib/firefox/browser "{98a94998-7ce5-49cc-a898-b49225c48afc}" 2896 true tab3⤵
- Reads runtime system information
PID:3479
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads