Analysis
-
max time kernel
1799s -
max time network
1678s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240611-en -
resource tags
-
submitted
21-06-2024 17:05
General
-
Target
https://www.googleadservices.com/pagead/aclk?sa=L&ai=C5fh6mrJ1Zo2xF5fjhcIPvO2CqQv6g8fBeOenq4_xErCQHxABIABgu6a7g9AKggEXY2EtcHViLTYyMTk4MTE3NDcwNDkzNzGgAZbJ6MspqQL8Qvyp4uyxPqgDBMgDCqoEpQNP0OpES14WF4uKxzzumcP9ibcB7Nbsgi06l_7FyeW321yBpR6jkt2Cwi2S6gyEHQD4seP9m9uwjPj9qFPc6PboktS2tLqCALR5nxUqyWAiavojX4j0in0Yi1rLGRdy_OGbcOa55MVYcgFGVNiOIzK8HmC617F5r2rpXrfGisWO_5ANhNPKMMvsDuKJFGA81DLtWDn9HowiOB9c6uIdp3DeLVI9OBG-W9xR5L0incK4Tjc5XJB0GfpG5Efu-SiD-nSEO1_FYGaT1C4DTmerYPRgsFPnClgjiRy56nCYMQUjVFEuWW8qcA0CCd_ZDx-IEbC1NWI8kcj7kfv8tjHP4-ZOL1Ge4b7L5zDbFhKKIzeB148MvCOt7CmCst987pDD66HoMb3rKqbBA64CyUyMSnuSibLUeSjLzdb1KjeZxiBN52z7W4BRaW4PpxNGIwnkma2s7jlM63tMjX1b8iyPQ7t5Nr4OBlEkP_WvnVXWt9_5cS8X2Boa8iDnb76mNqzrguHGK0krcHj18HkqKBvop6lwdBPYlHr7lwVkmnp9tweR8it4QA0qkgUKCBNoAni-_ODXBKAGboAHloG5qwSIBwGQBwKoB-u2sQKoB_mxsQKoB4C6sQKoB-edsQKoB-idsQKoB-q3sQKoB6e1sQKoB--1sQKoB_C1sQKoB4KqsQKoB4QIqAeo0huoB7YHqAex3BuoB6SasQKoB5GfsQKoB-aasQKoB_i_sQKoB7CbsQKoB66xsQKoB-a8sQKoB6aqsQKoB-a3sQKoB8q6sQKoB-zAsQKoB_2ysQKoB_e4sQKoB_i4sQKoB_SZsQKoB_i_sQKoB4HGG6gH_K-xAqgHq8UbqAfmnbECqAe3obECqAfetbECuAgB0gguCICAgJAEEAIYWjICoAQ6Do_QgICAgASAwICAgKABSNmg0jVQFFjI1ZDklu2GA_IIH2NhLXl0LWhvc3QtcHViLTU2MDgwOTAyNzE1ODMzNzOaCSRodHRwczovL3NlaWJlcnNwYWNlLm9yZy9pbnNpZGUtb3V0LTKxCf1Yzn-XGkPFyAkAyAmKApgLAaELGz8IO5ScZj-6C1UIARAFGAQgCCgBMAZAAUgAWAFgAGgAcAGIAQCYAQGiASgKGyAD2rgEFTITOhEKDygwSP_wr4OlBpgZAbggAXAB0AEBqAIFwAICqAEB2AEBgAIBiAIG0AsSmg0BEqoNAkdCuBP___________8BsBQBwBWBgIBA0BUB2BUBmBYB4hYCCAGAFwGKFxgIAxgBIAEoATABOAFAAUgBUAFYAWACcAGgFwGpF-c9WT_R9m0MuhcEKAAwAA&num=1&cid=CAESD-D2U58Q2mOJPm1V_vhIvw&sig=AOD64_25N5X5Cw7ZGKQ4qu4x4yM7QoeOvA&ms=%5BCLICK_MS%5D&adurl=https://seiberspace.org/inside-out-2%3Futm_content%3Dtarget10%26utm_device%3Ddesktop&nb=8&nx=%5BNX%5D&ny=%5BNY%5D&dim=%5BDIM%5D
Score
4/10
Malware Config
Signatures
-
Changes its process name 64 IoCs
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 25 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/xdg-openxdg-open "https://www.googleadservices.com/pagead/aclk?sa=L&ai=C5fh6mrJ1Zo2xF5fjhcIPvO2CqQv6g8fBeOenq4_xErCQHxABIABgu6a7g9AKggEXY2EtcHViLTYyMTk4MTE3NDcwNDkzNzGgAZbJ6MspqQL8Qvyp4uyxPqgDBMgDCqoEpQNP0OpES14WF4uKxzzumcP9ibcB7Nbsgi06l_7FyeW321yBpR6jkt2Cwi2S6gyEHQD4seP9m9uwjPj9qFPc6PboktS2tLqCALR5nxUqyWAiavojX4j0in0Yi1rLGRdy_OGbcOa55MVYcgFGVNiOIzK8HmC617F5r2rpXrfGisWO_5ANhNPKMMvsDuKJFGA81DLtWDn9HowiOB9c6uIdp3DeLVI9OBG-W9xR5L0incK4Tjc5XJB0GfpG5Efu-SiD-nSEO1_FYGaT1C4DTmerYPRgsFPnClgjiRy56nCYMQUjVFEuWW8qcA0CCd_ZDx-IEbC1NWI8kcj7kfv8tjHP4-ZOL1Ge4b7L5zDbFhKKIzeB148MvCOt7CmCst987pDD66HoMb3rKqbBA64CyUyMSnuSibLUeSjLzdb1KjeZxiBN52z7W4BRaW4PpxNGIwnkma2s7jlM63tMjX1b8iyPQ7t5Nr4OBlEkP_WvnVXWt9_5cS8X2Boa8iDnb76mNqzrguHGK0krcHj18HkqKBvop6lwdBPYlHr7lwVkmnp9tweR8it4QA0qkgUKCBNoAni-_ODXBKAGboAHloG5qwSIBwGQBwKoB-u2sQKoB_mxsQKoB4C6sQKoB-edsQKoB-idsQKoB-q3sQKoB6e1sQKoB--1sQKoB_C1sQKoB4KqsQKoB4QIqAeo0huoB7YHqAex3BuoB6SasQKoB5GfsQKoB-aasQKoB_i_sQKoB7CbsQKoB66xsQKoB-a8sQKoB6aqsQKoB-a3sQKoB8q6sQKoB-zAsQKoB_2ysQKoB_e4sQKoB_i4sQKoB_SZsQKoB_i_sQKoB4HGG6gH_K-xAqgHq8UbqAfmnbECqAe3obECqAfetbECuAgB0gguCICAgJAEEAIYWjICoAQ6Do_QgICAgASAwICAgKABSNmg0jVQFFjI1ZDklu2GA_IIH2NhLXl0LWhvc3QtcHViLTU2MDgwOTAyNzE1ODMzNzOaCSRodHRwczovL3NlaWJlcnNwYWNlLm9yZy9pbnNpZGUtb3V0LTKxCf1Yzn-XGkPFyAkAyAmKApgLAaELGz8IO5ScZj-6C1UIARAFGAQgCCgBMAZAAUgAWAFgAGgAcAGIAQCYAQGiASgKGyAD2rgEFTITOhEKDygwSP_wr4OlBpgZAbggAXAB0AEBqAIFwAICqAEB2AEBgAIBiAIG0AsSmg0BEqoNAkdCuBP___________8BsBQBwBWBgIBA0BUB2BUBmBYB4hYCCAGAFwGKFxgIAxgBIAEoATABOAFAAUgBUAFYAWACcAGgFwGpF-c9WT_R9m0MuhcEKAAwAA&num=1&cid=CAESD-D2U58Q2mOJPm1V_vhIvw&sig=AOD64_25N5X5Cw7ZGKQ4qu4x4yM7QoeOvA&ms=%5BCLICK_MS%5D&adurl=https://seiberspace.org/inside-out-2%3Futm_content%3Dtarget10%26utm_device%3Ddesktop&nb=8&nx=%5BNX%5D&ny=%5BNY%5D&dim=%5BDIM%5D"1⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager2⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr3⤵
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session4⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal/usr/libexec/xdg-desktop-portal5⤵
- Reads runtime system information
-
/usr/libexec/xdg-document-portal/usr/libexec/xdg-document-portal5⤵
-
/usr/libexec/xdg-permission-store/usr/libexec/xdg-permission-store5⤵
-
/usr/libexec/xdg-desktop-portal-gtk/usr/libexec/xdg-desktop-portal-gtk5⤵
-
/usr/libexec/gvfsd/usr/libexec/gvfsd5⤵
-
/usr/libexec/gvfsd-trash/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/06⤵
-
/usr/libexec/dconf-service/usr/libexec/dconf-service5⤵
- Reads runtime system information
-
/usr/bin/nautilus/usr/bin/nautilus --gapplication-service5⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/gnome-keyring-daemon/usr/bin/gnome-keyring-daemon --start --foreground "--components=secrets"5⤵
- Reads runtime system information
-
/usr/libexec/gvfs-udisks2-volume-monitor/usr/libexec/gvfs-udisks2-volume-monitor5⤵
- Reads runtime system information
-
/usr/libexec/gvfs-afc-volume-monitor/usr/libexec/gvfs-afc-volume-monitor5⤵
-
/usr/libexec/gvfs-mtp-volume-monitor/usr/libexec/gvfs-mtp-volume-monitor5⤵
- Enumerates kernel/hardware configuration
-
/usr/libexec/gvfs-gphoto2-volume-monitor/usr/libexec/gvfs-gphoto2-volume-monitor5⤵
- Enumerates kernel/hardware configuration
-
/usr/libexec/gvfs-goa-volume-monitor/usr/libexec/gvfs-goa-volume-monitor5⤵
- Reads runtime system information
-
/usr/libexec/goa-daemon/usr/libexec/goa-daemon5⤵
-
/usr/libexec/goa-identity-service/usr/libexec/goa-identity-service5⤵
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"2⤵
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE2⤵
-
/usr/bin/grepgrep -i "^xfce_desktop_window"2⤵
-
/usr/bin/xpropxprop -root2⤵
-
/usr/bin/grepgrep -q "^Enlightenment"2⤵
-
/usr/bin/unameuname2⤵
-
/usr/bin/grepgrep -q "^file://"2⤵
-
/usr/bin/egrepegrep -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/local/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/local/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/bin/sedsed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"2⤵
-
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/https2⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager3⤵
- Reads runtime system information
-
/usr/bin/dbus-launchdbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr4⤵
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"3⤵
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE3⤵
-
/usr/bin/grepgrep -i "^xfce_desktop_window"3⤵
-
/usr/bin/xpropxprop -root3⤵
-
/usr/bin/grepgrep -q "^Enlightenment"3⤵
-
/usr/bin/unameuname3⤵
-
/usr/bin/sedsed "s/:/ /g"3⤵
-
/usr/bin/cutcut -d ";" -f 13⤵
-
/usr/bin/cutcut -d "=" -f 23⤵
-
/usr/bin/headhead -n 13⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache3⤵
-
/usr/bin/cutcut -d ";" -f 13⤵
-
/usr/bin/cutcut -d "=" -f 23⤵
-
/usr/bin/headhead -n 13⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache3⤵
-
/usr/bin/cutcut -d ";" -f 13⤵
-
/usr/bin/cutcut -d "=" -f 23⤵
-
/usr/bin/headhead -n 13⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache3⤵
-
/usr/bin/cutcut -d ";" -f 13⤵
-
/usr/bin/cutcut -d "=" -f 23⤵
-
/usr/bin/headhead -n 13⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache3⤵
-
/usr/bin/cutcut -d ";" -f 13⤵
-
/usr/bin/cutcut -d "=" -f 23⤵
-
/usr/bin/headhead -n 13⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache3⤵
-
/usr/bin/sedsed "s/:/ /g"2⤵
-
/usr/bin/sedsed -e "s|-|/|"2⤵
- Reads runtime system information
-
/usr/bin/sedsed -e "s|-|/|"2⤵
-
/usr/bin/cutcut "-d=" -f 2-2⤵
-
/usr/bin/whichwhich firefox2⤵
-
/usr/bin/cutcut "-d=" -f 2-2⤵
-
/usr/bin/cutcut "-d=" -f 2-2⤵
-
/usr/bin/cutcut "-d=" -f 2-2⤵
-
/usr/bin/firefox/usr/bin/firefox "https://www.googleadservices.com/pagead/aclk?sa=L&ai=C5fh6mrJ1Zo2xF5fjhcIPvO2CqQv6g8fBeOenq4_xErCQHxABIABgu6a7g9AKggEXY2EtcHViLTYyMTk4MTE3NDcwNDkzNzGgAZbJ6MspqQL8Qvyp4uyxPqgDBMgDCqoEpQNP0OpES14WF4uKxzzumcP9ibcB7Nbsgi06l_7FyeW321yBpR6jkt2Cwi2S6gyEHQD4seP9m9uwjPj9qFPc6PboktS2tLqCALR5nxUqyWAiavojX4j0in0Yi1rLGRdy_OGbcOa55MVYcgFGVNiOIzK8HmC617F5r2rpXrfGisWO_5ANhNPKMMvsDuKJFGA81DLtWDn9HowiOB9c6uIdp3DeLVI9OBG-W9xR5L0incK4Tjc5XJB0GfpG5Efu-SiD-nSEO1_FYGaT1C4DTmerYPRgsFPnClgjiRy56nCYMQUjVFEuWW8qcA0CCd_ZDx-IEbC1NWI8kcj7kfv8tjHP4-ZOL1Ge4b7L5zDbFhKKIzeB148MvCOt7CmCst987pDD66HoMb3rKqbBA64CyUyMSnuSibLUeSjLzdb1KjeZxiBN52z7W4BRaW4PpxNGIwnkma2s7jlM63tMjX1b8iyPQ7t5Nr4OBlEkP_WvnVXWt9_5cS8X2Boa8iDnb76mNqzrguHGK0krcHj18HkqKBvop6lwdBPYlHr7lwVkmnp9tweR8it4QA0qkgUKCBNoAni-_ODXBKAGboAHloG5qwSIBwGQBwKoB-u2sQKoB_mxsQKoB4C6sQKoB-edsQKoB-idsQKoB-q3sQKoB6e1sQKoB--1sQKoB_C1sQKoB4KqsQKoB4QIqAeo0huoB7YHqAex3BuoB6SasQKoB5GfsQKoB-aasQKoB_i_sQKoB7CbsQKoB66xsQKoB-a8sQKoB6aqsQKoB-a3sQKoB8q6sQKoB-zAsQKoB_2ysQKoB_e4sQKoB_i4sQKoB_SZsQKoB_i_sQKoB4HGG6gH_K-xAqgHq8UbqAfmnbECqAe3obECqAfetbECuAgB0gguCICAgJAEEAIYWjICoAQ6Do_QgICAgASAwICAgKABSNmg0jVQFFjI1ZDklu2GA_IIH2NhLXl0LWhvc3QtcHViLTU2MDgwOTAyNzE1ODMzNzOaCSRodHRwczovL3NlaWJlcnNwYWNlLm9yZy9pbnNpZGUtb3V0LTKxCf1Yzn-XGkPFyAkAyAmKApgLAaELGz8IO5ScZj-6C1UIARAFGAQgCCgBMAZAAUgAWAFgAGgAcAGIAQCYAQGiASgKGyAD2rgEFTITOhEKDygwSP_wr4OlBpgZAbggAXAB0AEBqAIFwAICqAEB2AEBgAIBiAIG0AsSmg0BEqoNAkdCuBP___________8BsBQBwBWBgIBA0BUB2BUBmBYB4hYCCAGAFwGKFxgIAxgBIAEoATABOAFAAUgBUAFYAWACcAGgFwGpF-c9WT_R9m0MuhcEKAAwAA&num=1&cid=CAESD-D2U58Q2mOJPm1V_vhIvw&sig=AOD64_25N5X5Cw7ZGKQ4qu4x4yM7QoeOvA&ms=%5BCLICK_MS%5D&adurl=https://seiberspace.org/inside-out-2%3Futm_content%3Dtarget10%26utm_device%3Ddesktop&nb=8&nx=%5BNX%5D&ny=%5BNY%5D&dim=%5BDIM%5D"2⤵
-
/usr/bin/whichwhich /usr/bin/firefox3⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox "https://www.googleadservices.com/pagead/aclk?sa=L&ai=C5fh6mrJ1Zo2xF5fjhcIPvO2CqQv6g8fBeOenq4_xErCQHxABIABgu6a7g9AKggEXY2EtcHViLTYyMTk4MTE3NDcwNDkzNzGgAZbJ6MspqQL8Qvyp4uyxPqgDBMgDCqoEpQNP0OpES14WF4uKxzzumcP9ibcB7Nbsgi06l_7FyeW321yBpR6jkt2Cwi2S6gyEHQD4seP9m9uwjPj9qFPc6PboktS2tLqCALR5nxUqyWAiavojX4j0in0Yi1rLGRdy_OGbcOa55MVYcgFGVNiOIzK8HmC617F5r2rpXrfGisWO_5ANhNPKMMvsDuKJFGA81DLtWDn9HowiOB9c6uIdp3DeLVI9OBG-W9xR5L0incK4Tjc5XJB0GfpG5Efu-SiD-nSEO1_FYGaT1C4DTmerYPRgsFPnClgjiRy56nCYMQUjVFEuWW8qcA0CCd_ZDx-IEbC1NWI8kcj7kfv8tjHP4-ZOL1Ge4b7L5zDbFhKKIzeB148MvCOt7CmCst987pDD66HoMb3rKqbBA64CyUyMSnuSibLUeSjLzdb1KjeZxiBN52z7W4BRaW4PpxNGIwnkma2s7jlM63tMjX1b8iyPQ7t5Nr4OBlEkP_WvnVXWt9_5cS8X2Boa8iDnb76mNqzrguHGK0krcHj18HkqKBvop6lwdBPYlHr7lwVkmnp9tweR8it4QA0qkgUKCBNoAni-_ODXBKAGboAHloG5qwSIBwGQBwKoB-u2sQKoB_mxsQKoB4C6sQKoB-edsQKoB-idsQKoB-q3sQKoB6e1sQKoB--1sQKoB_C1sQKoB4KqsQKoB4QIqAeo0huoB7YHqAex3BuoB6SasQKoB5GfsQKoB-aasQKoB_i_sQKoB7CbsQKoB66xsQKoB-a8sQKoB6aqsQKoB-a3sQKoB8q6sQKoB-zAsQKoB_2ysQKoB_e4sQKoB_i4sQKoB_SZsQKoB_i_sQKoB4HGG6gH_K-xAqgHq8UbqAfmnbECqAe3obECqAfetbECuAgB0gguCICAgJAEEAIYWjICoAQ6Do_QgICAgASAwICAgKABSNmg0jVQFFjI1ZDklu2GA_IIH2NhLXl0LWhvc3QtcHViLTU2MDgwOTAyNzE1ODMzNzOaCSRodHRwczovL3NlaWJlcnNwYWNlLm9yZy9pbnNpZGUtb3V0LTKxCf1Yzn-XGkPFyAkAyAmKApgLAaELGz8IO5ScZj-6C1UIARAFGAQgCCgBMAZAAUgAWAFgAGgAcAGIAQCYAQGiASgKGyAD2rgEFTITOhEKDygwSP_wr4OlBpgZAbggAXAB0AEBqAIFwAICqAEB2AEBgAIBiAIG0AsSmg0BEqoNAkdCuBP___________8BsBQBwBWBgIBA0BUB2BUBmBYB4hYCCAGAFwGKFxgIAxgBIAEoATABOAFAAUgBUAFYAWACcAGgFwGpF-c9WT_R9m0MuhcEKAAwAA&num=1&cid=CAESD-D2U58Q2mOJPm1V_vhIvw&sig=AOD64_25N5X5Cw7ZGKQ4qu4x4yM7QoeOvA&ms=%5BCLICK_MS%5D&adurl=https://seiberspace.org/inside-out-2%3Futm_content%3Dtarget10%26utm_device%3Ddesktop&nb=8&nx=%5BNX%5D&ny=%5BNY%5D&dim=%5BDIM%5D"2⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/lib/firefox/glxtest/usr/lib/firefox/glxtest -f 133⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc3⤵
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234760 -appDir /usr/lib/firefox/browser "{d15e337b-6be5-4624-8f54-4dcf711f8176}" 1506 true socket3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20227 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{caf3e165-4552-45dc-8306-f538a91d31bc}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26696 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{73ba0840-9abe-4575-acee-fcc6eff3adb7}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29438 -prefMapSize 234760 -appDir /usr/lib/firefox/browser "{cc1b1aa4-37c3-4359-a77c-ec99cd8ea00b}" 1506 true utility3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{942ec28e-4506-4091-ac20-d77f5d1d1b4e}" 1506 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{405b1b30-2972-4e1b-b603-5e03de95bab8}" 1506 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{875dfb36-f540-445c-849f-ca4851444519}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{7b0d5240-8449-41fe-9289-263529def6d0}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{6fbc18b4-168d-479c-a84a-33ab756db815}" 1506 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/speech-dispatcher/usr/bin/speech-dispatcher --spawn --communication-method unix_socket --socket-path /root/.cache/speech-dispatcher/speechd.sock3⤵
-
/bin/shsh -c "type espeak > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type mbrola > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type espeak > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type espeak-ng > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type mbrola > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type curl > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type epos-say > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type say > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type pico2wave > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type llia_phon > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type mbrola > /dev/null 2>&1"4⤵
-
/bin/shsh -c "type /opt/swift/bin/swift > /dev/null 2>&1"4⤵
-
/usr/lib/speech-dispatcher-modules/sd_espeak-ng/usr/lib/speech-dispatcher-modules/sd_espeak-ng /etc/speech-dispatcher/modules/espeak-ng.conf4⤵
-
/usr/lib/speech-dispatcher-modules/sd_generic/usr/lib/speech-dispatcher-modules/sd_generic /etc/speech-dispatcher/modules/mary-generic.conf4⤵
-
/usr/lib/speech-dispatcher-modules/sd_dummy/usr/lib/speech-dispatcher-modules/sd_dummy /etc/speech-dispatcher/modules/dummy.conf4⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{45916866-1f66-4cd9-90be-29f5dadf91f4}" 1506 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{a8bb585a-687d-414d-908d-9244d8505b64}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{1e89b76d-a970-48cb-bb9d-591d1cab7209}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 11 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{5948724a-7ccd-42a5-9289-44afd226796d}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 12 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{661109b3-df93-4606-9724-9463abe0cbe2}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 13 -isForBrowser -prefsLen 25879 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{eb77e954-d330-4e9e-9a9d-9ad32a0bb0e8}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 32999 -prefMapSize 234760 -appDir /usr/lib/firefox/browser "{e93e01c7-762c-4081-bec5-76ebe8aed331}" 1506 true rdd3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 14 -isForBrowser -prefsLen 28649 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{0643b36d-4862-45db-bde4-7fc198e53177}" 1506 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 15 -isForBrowser -prefsLen 28649 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{f41d4d2d-6302-46eb-a250-1ff15d9432b8}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 16 -isForBrowser -prefsLen 28773 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{247cf46e-2a53-4add-888a-60202ebea512}" 1506 true tab3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 17 -isForBrowser -prefsLen 28773 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{a19b048a-0486-4406-ac94-b48bfe1e7b51}" 1506 true tab3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/gvfsd-fuse/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes1⤵
- Reads runtime system information
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
/root/.cache/speech-dispatcher/log/dummy.logFilesize
129B
MD5b2b3a649e7e18f578a7d885627764958
SHA19581944e1dd494b74896964a2b2db251428849be
SHA2564d0663e7c2b22f2942d0e8eb992e7cce6350a01bde90d941a4fb1fab1e65065a
SHA512db150cd21eeea03ae2a4e0a1325f3f5d60343d08de349cb27e1da0a51402301b6271ede58f69377dc0d337e9db1071d5921a4d26f81427b74d361959d2c823e7
-
/root/.cache/speech-dispatcher/log/espeak-ng.logFilesize
52B
MD5ef84f4e65f11da983c74a7bb8edb00e4
SHA16a6b59b99ceba44216cfa42e5be6a1d641615ded
SHA256f56bc2309418b8e3f485b18fa4cc2a641912f03a08e3555387faa6fb925ca547
SHA51285019f18beeea67e60030755b3181fc3305eaade197200bd37a956dab9c4aea9ca0006f350c9def753c2036ddf851822733e9a050829b563624e9fec52fe784d
-
/root/.cache/speech-dispatcher/log/mary-generic.logFilesize
151B
MD57b92a4d1d104620c17b8b007b82f4ea6
SHA1fd86d4191806d10aa33baa3f47d2251dbacf461e
SHA2567a0cea6035a30a623000fec0b0b03f597049663dcf103bb47af898a2e5db4966
SHA51264620869fc6c85c667f7543c5fecc6771756bf2d429295a2c6f3397deab885e373ed2542625de8e67ce696bc506c300c43a14ccb482f628b17e869cb07f0e2d2
-
/root/.cache/speech-dispatcher/log/speech-dispatcher.logFilesize
3KB
MD51950936bcfcf13afd63194bb1c67a25a
SHA18bebbb2fa48b76028312314c1e51a55934014808
SHA256bead681f58799432447053c314cdbd483f146e9ea8749b0e2702696c9a73c18d
SHA5120405a7d1284b9f4ec2ed826cdbec9b0ef4ba4cedc0e64bba6377fd38832a97ef2e119d7e81dfc7d476dec3bd18bda979a43627516349399be61f7bccb9830874
-
/root/.cache/speech-dispatcher/pid/speech-dispatcher.pidFilesize
5B
MD51dda3427e83fac7e788dd2ba20d7f0c4
SHA1eb633b8dbdd1d81c1f2a38357995d6afa4648c7e
SHA256d1f64cd7e77264ac50318660fee2f1dcb3024efe306c3d301be3f3c69ab55409
SHA5129c19bf840e26729f2936da69d29be75dddb0408415c89b824eefe2560c6c3fcf48b8218203640f57c8d42bddc5eff615bbd413800523698ce647330f7a6caad3
-
/tmp/tmpaddonFilesize
569KB
MD530082ae40dc48af6343db2fd22cfc645
SHA13eb577555ee638e8beb01173e8f29e172747a728
SHA25685d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76
SHA51253a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c