Overview | 6
Static | 1
URLScan | 1
http://google.com | windows10-ltsc 2021-x64 | 4
http://google.com | android-10-x64 | 1
http://google.com | android-11-x64 | 1
http://google.com | android-13-x64 | 1
http://google.com | android-9-x86 | 1
http://google.com | macos-10.15-amd64 | 4
http://google.com | debian-12-armhf
http://google.com | debian-12-mipsel
http://google.com | debian-9-armhf
http://google.com | debian-9-mips
http://google.com | debian-9-mipsel
http://google.com | ubuntu-18.04-amd64 | 3
http://google.com | ubuntu-20.04-amd64 | 4
http://google.com | ubuntu-22.04-amd64 | 3
http://google.com | ubuntu-24.04-amd64 | 6
Analysis
- max time kernel: 5s
- max time network: 0s
- platform: ubuntu-24.04_amd64
- resource: ubuntu2404-amd64-20240523-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
- submitted: 27/10/2024, 16:00
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1 | Sample: http://google.com | Resource: win10ltsc2021-20241023-en
Behavioral task behavioral2 | Sample: http://google.com | Resource: android-x64-20240624-en
Behavioral task behavioral3 | Sample: http://google.com | Resource: android-x64-arm64-20240624-en
Behavioral task behavioral4 | Sample: http://google.com | Resource: android-33-x64-arm64-20240624-en
Behavioral task behavioral5 | Sample: http://google.com | Resource: android-x86-arm-20240624-en
Behavioral task behavioral6 | Sample: http://google.com | Resource: macos-20240711.1-en
Behavioral task behavioral7 | Sample: http://google.com | Resource: debian12-armhf-20240221-en
Behavioral task behavioral8 | Sample: http://google.com | Resource: debian12-mipsel-20240221-en
Behavioral task behavioral9 | Sample: http://google.com | Resource: debian9-armhf-20240611-en
Behavioral task behavioral10 | Sample: http://google.com | Resource: debian9-mipsbe-20240611-en
Behavioral task behavioral11 | Sample: http://google.com | Resource: debian9-mipsel-20240611-en
Behavioral task behavioral12 | Sample: http://google.com | Resource: ubuntu1804-amd64-20240611-en
Behavioral task behavioral13 | Sample: http://google.com | Resource: ubuntu2004-amd64-20240611-en
Behavioral task behavioral14 | Sample: http://google.com | Resource: ubuntu2204-amd64-20240611-en
Behavioral task behavioral15 | Sample: http://google.com | Resource: ubuntu2404-amd64-20240523-en
General
- Target: http://google.com
Malware Config
Signatures
Reads AppArmor ptrace settings 1 TTPs 1 IoCs
Discovery of allowed ptrace capabilities by AppArmor.
description | ioc | Process
File opened for reading | /sys/kernel/security/apparmor/features/ptrace | firefox
Changes its process name 64 IoCs
Reads CPU attributes 1 TTPs 2 IoCs
description | ioc | Process
File opened for reading | /sys/devices/system/cpu/present | firefox
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | glxtest
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/firefox/.parentlock | firefox
Processes
1⤵ PID:2443 | /usr/bin/xdg-open | xdg-open http://google.com
  2⤵ PID:2445 | /usr/bin/dbus-send | dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
    3⤵ PID:2446 | /usr/bin/dbus-launch | dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
      4⤵ PID:2448 | /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session | Reads runtime system information
  2⤵ PID:2451 | /usr/bin/xprop | xprop -root _DT_SAVE_MODE
  2⤵ PID:2452 | /usr/bin/grep | grep " = \\\"xfce4\\\"\$"
  2⤵ PID:2453 | /usr/bin/xprop | xprop -root
  2⤵ PID:2454 | /usr/bin/grep | grep -i "^xfce_desktop_window" | Reads runtime system information
  2⤵ PID:2456 | /usr/bin/grep | grep -q "^Enlightenment" | Reads runtime system information
  2⤵ PID:2457 | /usr/bin/uname | uname
  2⤵ PID:2459 | /usr/bin/grep | grep -q "^file://" | Reads runtime system information
  2⤵ PID:2461 | /usr/bin/egrep | egrep -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2461 | /usr/local/sbin/grep | grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2461 | /usr/local/bin/grep | grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2461 | /usr/sbin/grep | grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵ PID:2461 | /usr/bin/grep | grep -E -q "^[[:alpha:]+\\.\\-]+:" | Reads runtime system information
  2⤵ PID:2464 | /usr/bin/sed | sed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p" | Reads runtime system information
  2⤵ PID:2465 | /usr/bin/xdg-mime | xdg-mime query default x-scheme-handler/http
    3⤵ PID:2466 | /usr/bin/dbus-send | dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
      4⤵ PID:2467 | /usr/bin/dbus-launch | dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
    3⤵ PID:2468 | /usr/bin/xprop | xprop -root _DT_SAVE_MODE
    3⤵ PID:2469 | /usr/bin/grep | grep " = \\\"xfce4\\\"\$" | Reads runtime system information
    3⤵ PID:2470 | /usr/bin/xprop | xprop -root
    3⤵ PID:2471 | /usr/bin/grep | grep -i "^xfce_desktop_window" | Reads runtime system information
    3⤵ PID:2473 | /usr/bin/grep | grep -q "^Enlightenment" | Reads runtime system information
    3⤵ PID:2474 | /usr/bin/uname | uname
    3⤵ PID:2477 | /usr/bin/sed | sed "s/:/ /g" | Reads runtime system information
    3⤵ PID:2479 | /usr/bin/grep | grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache | Reads runtime system information
    3⤵ PID:2480 | /usr/bin/head | head -n 1
    3⤵ PID:2481 | /usr/bin/cut | cut -d "=" -f 2
    3⤵ PID:2482 | /usr/bin/cut | cut -d ";" -f 1
    3⤵ PID:2484 | /usr/bin/grep | grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache | Reads runtime system information
    3⤵ PID:2485 | /usr/bin/head | head -n 1
    3⤵ PID:2486 | /usr/bin/cut | cut -d "=" -f 2
    3⤵ PID:2487 | /usr/bin/cut | cut -d ";" -f 1
    3⤵ PID:2489 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache | Reads runtime system information
    3⤵ PID:2490 | /usr/bin/head | head -n 1
    3⤵ PID:2491 | /usr/bin/cut | cut -d "=" -f 2
    3⤵ PID:2492 | /usr/bin/cut | cut -d ";" -f 1
    3⤵ PID:2494 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache | Reads runtime system information
    3⤵ PID:2495 | /usr/bin/head | head -n 1
    3⤵ PID:2496 | /usr/bin/cut | cut -d "=" -f 2
    3⤵ PID:2497 | /usr/bin/cut | cut -d ";" -f 1
    3⤵ PID:2499 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache | Reads runtime system information
    3⤵ PID:2500 | /usr/bin/head | head -n 1
    3⤵ PID:2501 | /usr/bin/cut | cut -d "=" -f 2
    3⤵ PID:2502 | /usr/bin/cut | cut -d ";" -f 1
    3⤵ PID:2504 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache | Reads runtime system information
    3⤵ PID:2505 | /usr/bin/head | head -n 1
    3⤵ PID:2506 | /usr/bin/cut | cut -d "=" -f 2
    3⤵ PID:2507 | /usr/bin/cut | cut -d ";" -f 1
    3⤵ PID:2510 | /usr/bin/sed | sed "s/:/ /g" | Reads runtime system information
    3⤵ PID:2512 | /usr/bin/grep | grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"
    3⤵ PID:2514 | /usr/bin/grep | grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop" | Reads runtime system information
  2⤵ PID:2518 | /usr/bin/grep | grep -q "%s" | Reads runtime system information
  2⤵ PID:2519 | /usr/bin/x-www-browser | x-www-browser http://google.com
    3⤵ PID:2520 | /usr/bin/xdg-settings | xdg-settings get default-web-browser
      4⤵ PID:2521 | /usr/bin/dbus-send | dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager | Reads runtime system information
        5⤵ PID:2522 | /usr/bin/dbus-launch | dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
      4⤵ PID:2523 | /usr/bin/xprop | xprop -root _DT_SAVE_MODE
      4⤵ PID:2524 | /usr/bin/grep | grep " = \\\"xfce4\\\"\$"
      4⤵ PID:2525 | /usr/bin/xprop | xprop -root
      4⤵ PID:2526 | /usr/bin/grep | grep -i "^xfce_desktop_window" | Reads runtime system information
      4⤵ PID:2528 | /usr/bin/grep | grep -q "^Enlightenment"
      4⤵ PID:2529 | /usr/bin/uname | uname
      4⤵ PID:2530 | /usr/bin/xdg-mime | xdg-mime query default x-scheme-handler/http
        5⤵ PID:2531 | /usr/bin/dbus-send | dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager | Reads runtime system information
          6⤵ PID:2532 | /usr/bin/dbus-launch | dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
        5⤵ PID:2533 | /usr/bin/xprop | xprop -root _DT_SAVE_MODE
        5⤵ PID:2534 | /usr/bin/grep | grep " = \\\"xfce4\\\"\$"
        5⤵ PID:2535 | /usr/bin/xprop | xprop -root
        5⤵ PID:2536 | /usr/bin/grep | grep -i "^xfce_desktop_window" | Reads runtime system information
        5⤵ PID:2538 | /usr/bin/grep | grep -q "^Enlightenment" | Reads runtime system information
        5⤵ PID:2539 | /usr/bin/uname | uname
        5⤵ PID:2542 | /usr/bin/sed | sed "s/:/ /g"
        5⤵ PID:2544 | /usr/bin/grep | grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
        5⤵ PID:2545 | /usr/bin/head | head -n 1
        5⤵ PID:2546 | /usr/bin/cut | cut -d "=" -f 2
        5⤵ PID:2547 | /usr/bin/cut | cut -d ";" -f 1
        5⤵ PID:2549 | /usr/bin/grep | grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
        5⤵ PID:2550 | /usr/bin/head | head -n 1
        5⤵ PID:2551 | /usr/bin/cut | cut -d "=" -f 2
        5⤵ PID:2552 | /usr/bin/cut | cut -d ";" -f 1
        5⤵ PID:2556 | /usr/bin/head | head -n 1
        5⤵ PID:2557 | /usr/bin/cut | cut -d "=" -f 2
        5⤵ PID:2555 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
        5⤵ PID:2558 | /usr/bin/cut | cut -d ";" -f 1
        5⤵ PID:2562 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache | Reads runtime system information
        5⤵ PID:2563 | /usr/bin/head | head -n 1
        5⤵ PID:2564 | /usr/bin/cut | cut -d "=" -f 2
        5⤵ PID:2565 | /usr/bin/cut | cut -d ";" -f 1
        5⤵ PID:2567 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
        5⤵ PID:2568 | /usr/bin/head | head -n 1
        5⤵ PID:2569 | /usr/bin/cut | cut -d "=" -f 2
        5⤵ PID:2570 | /usr/bin/cut | cut -d ";" -f 1
        5⤵ PID:2572 | /usr/bin/grep | grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
        5⤵ PID:2573 | /usr/bin/head | head -n 1
        5⤵ PID:2574 | /usr/bin/cut | cut -d "=" -f 2
        5⤵ PID:2575 | /usr/bin/cut | cut -d ";" -f 1
        5⤵ PID:2578 | /usr/bin/sed | sed "s/:/ /g" | Reads runtime system information
        5⤵ PID:2580 | /usr/bin/grep | grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop" | Reads runtime system information
        5⤵ PID:2582 | /usr/bin/grep | grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop" | Reads runtime system information
/usr/bin/grepgrep -l "x-scheme-handler/http;" /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop 
/usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop 
/usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop 
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop5⤵PID:2584
-
-
-
-
/usr/bin/gsettingsgsettings get org.gnome.shell favorite-apps3⤵
- Changes its process name
- Reads runtime system information
PID:2585
-
-
/usr/bin/grepgrep -q "'firefox.desktop'"3⤵
- Reads runtime system information
PID:2590
-
-
/usr/bin/gsettingsgsettings get com.canonical.Unity.Launcher favorites3⤵
- Reads runtime system information
PID:2591
-
-
/usr/bin/grepgrep -q "'application://firefox.desktop'"3⤵
- Reads runtime system information
PID:2593
-
-
/usr/bin/gsettingsgsettings get org.mate.panel object-id-list3⤵PID:2594
-
-
/usr/bin/whichwhich qdbus3⤵PID:2595
-
-
-
/snap/bin/firefox/snap/bin/firefox http://google.com2⤵
- Reads AppArmor ptrace settings
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2519 -
/usr/lib/snapd/snap-seccomp/usr/lib/snapd/snap-seccomp version-info3⤵PID:2599
-
-
-
/usr/lib/snapd/snap-confine/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox http://google.com2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2519
-
-
/usr/lib/snapd/snap-exec/usr/lib/snapd/snap-exec firefox http://google.com2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2519
-
-
/snap/firefox/4259/snap/command-chain/desktop-launch/snap/firefox/4259/snap/command-chain/desktop-launch /snap/firefox/4259/firefox.launcher http://google.com2⤵PID:2519
-
/usr/bin/datedate "+%s.%N"3⤵PID:2614
-
-
/usr/bin/chmodchmod 700 /root/snap/firefox/4259/.config3⤵PID:2615
-
-
/usr/bin/md5summd5sum3⤵PID:2617
-
-
/usr/bin/catcat /root/snap/firefox/4259/.config/user-dirs.dirs.md5sum3⤵PID:2618
-
-
/usr/bin/md5summd5sum3⤵PID:2620
-
-
/usr/bin/catcat /root/snap/firefox/4259/.config/user-dirs.locale.md5sum3⤵PID:2621
-
-
/usr/bin/grepgrep -qs "^\\s*confinement:\\s*classic\\s*" /snap/firefox/4259/meta/snap.yaml3⤵
- Reads runtime system information
PID:2622
-
-
/usr/bin/snapctlsnapctl is-connected gnome-42-22043⤵PID:2623
-
-
/usr/bin/snapctlsnapctl is-connected gsettings3⤵PID:2626
-
-
/usr/bin/mkdirmkdir -p /run/user/0/snap.firefox -m 7003⤵
- Reads runtime system information
PID:2629
-
-
/usr/bin/realpathrealpath /root/snap/firefox/4259/.config3⤵PID:2630
-
-
/usr/bin/realpathrealpath /root/snap/firefox/common3⤵PID:2631
-
-
/usr/bin/mkdirmkdir -p /run/user/0/snap.firefox/dconf3⤵
- Reads runtime system information
PID:2632
-
-
/usr/bin/lnln -sf ../../dconf/user /run/user/0/snap.firefox/dconf/user3⤵PID:2633
-
-
/usr/bin/rmrm -rf /root/snap/firefox/4259/.config/ibus/bus3⤵PID:2634
-
-
/usr/bin/lnln -sfn /root/.config/ibus/bus /root/snap/firefox/4259/.config/ibus3⤵PID:2635
-
-
-
/snap/firefox/4259/firefox.launcher/snap/firefox/4259/firefox.launcher http://google.com2⤵PID:2519
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox http://google.com2⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:2519 -
/usr/bin/snapctl/usr/bin/snapctl is-connected3⤵PID:2638
-
-
/usr/bin/snapctl/usr/bin/snapctl is-connected gsettings3⤵
- Enumerates kernel/hardware configuration
PID:2641
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2646
-
-
/snap/firefox/4259/usr/lib/firefox/glxtest/snap/firefox/4259/usr/lib/firefox/glxtest -f 123⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2648
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2669
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2694
-
-
/snap/firefox/4259/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/snap/firefox/4259/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/snap/firefox/4259/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/snap/firefox/4259/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/sbin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/usr/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/usr/local/games/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/snap/firefox/4259/gnome-platform/usr/bin/dbus-launchdbus-launch "--autolaunch=36e6eb39a6fa405996e79cad2731865d" --binary-syntax --close-stderr3⤵PID:2709
-
-
/snap/firefox/4259/usr/lib/firefox/firefox/snap/firefox/4259/usr/lib/firefox/firefox -contentproc -parentBuildID 20240510023632 -prefsLen 20957 -prefMapSize 241450 -appDir /snap/firefox/4259/usr/lib/firefox/browser "{c16eeb57-7aa3-4806-83f9-a6c324bf92c1}" 2519 true socket3⤵
- Reads runtime system information
PID:2708
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads