Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
x86_64.elf

Overview

General Information

Sample name:x86_64.elf
Analysis ID:1581683
MD5:255eb9f619666700048a69e9d7e7a80c
SHA1:204cc9266eff9757b586d45c340b7bd68ea0fdc3
SHA256:4521b5372c64be9aa69f1ab539f7966239e4e194b7f48304f9a1def5bd18d011
Tags:elfuser-abuse_ch
Infos:

Detection

Gafgyt
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Yara detected Gafgyt
Connects to many ports of the same IP (likely port scanning)
Executes the "iptables" command to insert, remove and/or manipulate rules
Machine Learning detection for sample
Reads system files that contain records of logged in users
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "iptables" command used for managing IP filtering and manipulation
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads system version information
Reads the 'hosts' file potentially containing internal network hosts
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1581683
Start date and time:2024-12-28 16:06:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 9s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:x86_64.elf
Detection:MAL
Classification:mal96.spre.troj.linELF@0/45@30/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: SECURE-NETWORK-REBIRTHLTD.RU

Runtime Messages

Command:/tmp/x86_64.elf
PID:6236
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
listening dn0
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 6217, Parent: 4339)
  • rm (PID: 6217, Parent: 4339, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.sR00XSrcUF /tmp/tmp.2TBPewtrKJ /tmp/tmp.TPf1wIeDb3
  • dash New Fork (PID: 6218, Parent: 4339)
  • cat (PID: 6218, Parent: 4339, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.sR00XSrcUF
  • dash New Fork (PID: 6219, Parent: 4339)
  • head (PID: 6219, Parent: 4339, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6220, Parent: 4339)
  • tr (PID: 6220, Parent: 4339, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6221, Parent: 4339)
  • cut (PID: 6221, Parent: 4339, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6222, Parent: 4339)
  • cat (PID: 6222, Parent: 4339, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.sR00XSrcUF
  • dash New Fork (PID: 6223, Parent: 4339)
  • head (PID: 6223, Parent: 4339, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6224, Parent: 4339)
  • tr (PID: 6224, Parent: 4339, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6225, Parent: 4339)
  • cut (PID: 6225, Parent: 4339, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6226, Parent: 4339)
  • rm (PID: 6226, Parent: 4339, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.sR00XSrcUF /tmp/tmp.2TBPewtrKJ /tmp/tmp.TPf1wIeDb3
  • x86_64.elf (PID: 6236, Parent: 6151, MD5: 255eb9f619666700048a69e9d7e7a80c) Arguments: /tmp/x86_64.elf
    • x86_64.elf New Fork (PID: 6237, Parent: 6236)
      • x86_64.elf New Fork (PID: 6386, Parent: 6237)
        • sh (PID: 6387, Parent: 6386, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 6388, Parent: 6387)
          • iptables (PID: 6388, Parent: 6387, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • sh (PID: 6393, Parent: 6386, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 6394, Parent: 6393)
          • busybox (PID: 6394, Parent: 6393, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • sh (PID: 6395, Parent: 6386, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 6396, Parent: 6395)
        • sh (PID: 6397, Parent: 6386, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 6398, Parent: 6397)
        • sh (PID: 6399, Parent: 6386, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 6401, Parent: 6399)
          • busybox (PID: 6401, Parent: 6399, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • systemd New Fork (PID: 6240, Parent: 1)
  • journalctl (PID: 6240, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6257, Parent: 1)
  • dbus-daemon (PID: 6257, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • gdm3 New Fork (PID: 6275, Parent: 1320)
  • Default (PID: 6275, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6279, Parent: 1320)
  • Default (PID: 6279, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6280, Parent: 1)
  • rsyslogd (PID: 6280, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6281, Parent: 1860)
  • pulseaudio (PID: 6281, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 6282, Parent: 1320)
  • Default (PID: 6282, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6283, Parent: 1)
  • systemd-journald (PID: 6283, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • fusermount (PID: 6284, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6297, Parent: 1)
  • rtkit-daemon (PID: 6297, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6300, Parent: 1)
  • systemd-logind (PID: 6300, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6360, Parent: 1)
  • polkitd (PID: 6360, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6364, Parent: 1)
  • gpu-manager (PID: 6364, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6365, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6366, Parent: 6365)
      • grep (PID: 6366, Parent: 6365, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6369, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6370, Parent: 6369)
      • grep (PID: 6370, Parent: 6369, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6371, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6372, Parent: 6371)
      • grep (PID: 6372, Parent: 6371, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6373, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6374, Parent: 6373)
      • grep (PID: 6374, Parent: 6373, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6375, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6378, Parent: 6375)
      • grep (PID: 6378, Parent: 6375, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6379, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6380, Parent: 6379)
      • grep (PID: 6380, Parent: 6379, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6381, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6382, Parent: 6381)
      • grep (PID: 6382, Parent: 6381, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6383, Parent: 6364, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6384, Parent: 6383)
      • grep (PID: 6384, Parent: 6383, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6368, Parent: 1)
  • agetty (PID: 6368, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6402, Parent: 1)
  • generate-config (PID: 6402, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6403, Parent: 6402, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6404, Parent: 1)
  • journalctl (PID: 6404, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6410, Parent: 1)
  • gdm-wait-for-drm (PID: 6410, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6415, Parent: 1)
  • gdm3 (PID: 6415, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6418, Parent: 6415)
    • plymouth (PID: 6418, Parent: 6415, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6428, Parent: 6415)
    • gdm-session-worker (PID: 6428, Parent: 6415, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6434, Parent: 6428, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6436, Parent: 6434, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6438, Parent: 6436)
            • false (PID: 6439, Parent: 6438, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6440, Parent: 6434, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6441, Parent: 6440, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6442, Parent: 6415)
    • Default (PID: 6442, Parent: 6415, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6443, Parent: 6415)
    • Default (PID: 6443, Parent: 6415, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6419, Parent: 1)
  • accounts-daemon (PID: 6419, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6423, Parent: 6419, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6424, Parent: 6423, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6425, Parent: 6424, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6426, Parent: 6425)
          • locale (PID: 6426, Parent: 6425, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6427, Parent: 6425)
          • grep (PID: 6427, Parent: 6425, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6469, Parent: 1860)
  • dbus-daemon (PID: 6469, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6472, Parent: 1860)
  • pulseaudio (PID: 6472, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Bashlite, GafgytBashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
x86_64.elfJoeSecurity_GafgytYara detected GafgytJoe Security
    x86_64.elfLinux_Trojan_Gafgyt_9e9530a7unknownunknown
    • 0x11420:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
    x86_64.elfLinux_Trojan_Gafgyt_807911a2unknownunknown
    • 0x11c97:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
    x86_64.elfLinux_Trojan_Gafgyt_d4227dbfunknownunknown
    • 0xe086:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
    • 0x13bdc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
    x86_64.elfLinux_Trojan_Gafgyt_d996d335unknownunknown
    • 0x15976:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
    Click to see the 6 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    6236.1.0000000000400000.000000000041f000.r-x.sdmpJoeSecurity_GafgytYara detected GafgytJoe Security
      6238.1.0000000000400000.000000000041f000.r-x.sdmpJoeSecurity_GafgytYara detected GafgytJoe Security
        6236.1.0000000000400000.000000000041f000.r-x.sdmpLinux_Trojan_Gafgyt_9e9530a7unknownunknown
        • 0x11420:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
        6236.1.0000000000400000.000000000041f000.r-x.sdmpLinux_Trojan_Gafgyt_807911a2unknownunknown
        • 0x11c97:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
        6236.1.0000000000400000.000000000041f000.r-x.sdmpLinux_Trojan_Gafgyt_d4227dbfunknownunknown
        • 0xe086:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
        • 0x13bdc:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
        Click to see the 28 entries

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: x86_64.elfReversingLabs: Detection: 23%
        Machine Learning detection for sample
        Source: x86_64.elfJoe Sandbox ML: detected
        Source: /usr/bin/pulseaudio (PID: 6281)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 6403)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pulseaudio (PID: 6472)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

        Networking

        barindex
        Connects to many ports of the same IP (likely port scanning)
        Source: global trafficTCP traffic: 83.222.191.146 ports 35342,2,3,4,5,2222
        Executes the "iptables" command to insert, remove and/or manipulate rules
        Source: /bin/sh (PID: 6388)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: global trafficTCP traffic: 192.168.2.23:52630 -> 83.222.191.146:35342
        Source: /bin/sh (PID: 6388)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: global trafficHTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
        Source: /usr/sbin/rsyslogd (PID: 6280)Reads hosts file: /etc/hostsJump to behavior
        Source: /tmp/x86_64.elf (PID: 6236)Socket: 127.0.0.1:8345Jump to behavior
        Source: /tmp/x86_64.elf (PID: 6386)Socket: 0.0.0.0:26721Jump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)Socket: unknown address familyJump to behavior
        Source: /usr/sbin/gdm3 (PID: 6415)Socket: unknown address familyJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6436)Socket: unknown address familyJump to behavior
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 81.169.136.222
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 51.254.162.59
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 81.169.136.222
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 91.217.137.37
        Source: unknownUDP traffic detected without corresponding DNS query: 194.36.144.87
        Source: unknownUDP traffic detected without corresponding DNS query: 134.195.4.2
        Source: unknownUDP traffic detected without corresponding DNS query: 134.195.4.2
        Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
        Source: global trafficDNS traffic detected: DNS query: secure-network-rebirthltd.ru
        Source: unknownHTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
        Source: syslog.47.drString found in binary or memory: https://www.rsyslog.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 53070 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53070
        Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
        Sample tries to kill a massive number of system processes
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 1 (init), result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 2, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 3, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 4, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 6, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 9, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 10, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 11, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 12, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 13, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 14, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 15, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 16, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 17, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 18, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 20, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 21, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 22, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 23, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 24, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 25, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 26, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 27, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 28, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 29, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 30, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 35, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 77, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 78, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 79, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 80, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 81, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 82, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 83, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 84, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 85, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 88, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 89, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 91, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 92, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 93, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 94, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 95, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 96, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 97, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 98, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 99, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 100, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 101, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 102, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 103, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 104, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 105, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 106, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 107, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 108, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 109, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 110, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 111, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 112, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 113, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 114, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 115, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 116, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 117, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 118, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 119, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 120, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 121, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 122, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 123, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 124, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 125, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 126, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 127, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 128, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 130, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 132, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 141, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 144, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 157, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 201, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 202, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 203, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 204, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 205, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 206, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 207, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 209, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 210, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 211, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 212, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 213, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 214, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 215, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 216, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 217, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 218, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 219, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 220, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 221, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 222, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 223, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 224, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 225, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 226, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 227, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 228, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 229, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 230, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 231, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 232, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 233, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 234, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 235, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 236, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 237, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 243, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 248, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 249, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 250, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 251, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 252, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 253, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 254, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 255, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 256, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 257, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 258, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 259, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 260, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 261, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 262, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 263, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 264, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 265, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 266, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 267, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 269, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 270, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 272, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 274, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 278, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 281, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 286, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 322, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 324, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 326, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 327, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 328, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 333, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 346, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 379, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 419, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 420, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 491, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 517, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 654, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 655, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 656, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 657, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 658, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 667, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 670, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 674, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 675, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 676, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 677, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 720, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 721, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 759, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 761, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 772, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 774, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 777, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 785, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 788, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 789, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 793, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 796, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 797, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 799, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 800, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 801, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 847, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 884, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 896, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 904, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 910, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 912, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 918, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent to PID below 1000: pid: 936, result: successfulJump to behavior
        Sample tries to kill multiple processes (SIGKILL)
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1 (init), result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 3, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 9, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 10, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 11, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 12, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 13, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 14, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 15, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 16, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 17, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 18, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 20, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 21, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 22, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 23, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 24, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 25, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 26, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 27, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 28, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 29, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 30, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 35, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 77, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 78, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 79, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 80, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 81, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 82, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 83, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 84, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 85, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 88, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 89, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 91, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 92, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 93, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 94, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 95, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 96, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 97, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 98, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 99, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 100, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 101, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 102, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 103, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 104, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 105, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 106, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 107, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 108, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 109, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 110, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 111, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 112, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 113, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 114, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 115, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 116, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 117, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 118, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 119, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 120, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 121, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 122, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 123, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 124, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 125, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 126, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 127, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 128, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 130, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 132, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 141, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 144, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 157, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 201, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 202, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 203, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 204, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 205, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 206, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 207, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 209, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 210, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 211, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 212, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 213, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 214, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 215, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 216, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 217, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 218, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 219, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 220, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 221, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 222, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 223, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 224, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 225, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 226, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 227, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 228, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 229, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 230, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 231, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 232, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 233, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 234, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 235, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 236, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 237, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 243, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 248, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 249, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 250, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 251, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 252, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 253, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 254, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 255, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 256, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 257, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 258, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 259, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 260, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 261, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 262, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 263, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 264, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 265, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 266, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 267, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 269, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 270, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 272, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 274, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 278, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 281, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 286, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 322, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 324, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 326, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 327, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 328, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 333, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 346, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 379, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 419, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 420, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 491, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 517, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 654, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 655, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 656, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 657, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 658, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 667, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 670, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 674, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 675, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 676, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 677, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 720, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 721, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 759, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 761, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 772, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 774, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 777, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 785, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 788, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 789, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 793, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 796, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 797, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 799, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 800, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 801, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 847, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 884, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 896, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 904, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 910, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 912, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 918, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 936, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1207, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1320, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1334, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1335, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1344, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1349, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1389, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1463, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1465, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1475, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1476, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1477, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1489, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1494, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1532, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1576, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1579, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1582, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1586, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1594, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1599, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1601, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1612, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1860, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1872, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1886, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1983, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2009, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2014, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2018, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2033, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2038, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2048, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2128, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2180, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2281, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2285, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2289, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2294, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2302, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2307, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2746, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2749, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2761, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2882, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 3021, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 3088, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4391, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4443, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4444, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4445, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4446, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4477, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4481, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4508, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6054, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6173, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6180, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6209, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6238, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6239, result: unknownJump to behavior
        Source: Initial sampleString containing 'busybox' found: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        Source: Initial sampleString containing 'busybox' found: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        Source: Initial sampleString containing 'busybox' found: Asetsockoptbindlisten1.1.1.1hi im here, i thinkbindtoipconnectpoll/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPTbusybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/proc/net/tcp/proc/0
        Source: ELF static info symbol of initial sample.symtab present: no
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1 (init), result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 3, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 9, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 10, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 11, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 12, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 13, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 14, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 15, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 16, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 17, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 18, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 20, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 21, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 22, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 23, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 24, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 25, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 26, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 27, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 28, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 29, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 30, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 35, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 77, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 78, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 79, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 80, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 81, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 82, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 83, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 84, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 85, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 88, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 89, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 91, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 92, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 93, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 94, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 95, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 96, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 97, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 98, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 99, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 100, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 101, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 102, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 103, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 104, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 105, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 106, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 107, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 108, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 109, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 110, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 111, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 112, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 113, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 114, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 115, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 116, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 117, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 118, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 119, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 120, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 121, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 122, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 123, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 124, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 125, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 126, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 127, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 128, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 130, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 132, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 141, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 144, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 157, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 201, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 202, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 203, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 204, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 205, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 206, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 207, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 209, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 210, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 211, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 212, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 213, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 214, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 215, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 216, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 217, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 218, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 219, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 220, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 221, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 222, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 223, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 224, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 225, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 226, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 227, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 228, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 229, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 230, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 231, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 232, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 233, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 234, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 235, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 236, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 237, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 243, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 248, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 249, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 250, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 251, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 252, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 253, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 254, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 255, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 256, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 257, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 258, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 259, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 260, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 261, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 262, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 263, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 264, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 265, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 266, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 267, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 269, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 270, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 272, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 274, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 278, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 281, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 286, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 322, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 324, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 326, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 327, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 328, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 333, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 346, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 379, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 419, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 420, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 491, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 517, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 654, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 655, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 656, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 657, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 658, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 667, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 670, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 674, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 675, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 676, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 677, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 720, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 721, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 759, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 761, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 772, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 774, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 777, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 785, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 788, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 789, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 793, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 796, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 797, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 799, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 800, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 801, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 847, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 884, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 896, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 904, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 910, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 912, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 918, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 936, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1207, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1320, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1334, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1335, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1344, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1349, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1389, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1463, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1465, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1475, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1476, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1477, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1489, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1494, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1532, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1576, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1579, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1582, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1586, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1594, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1599, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1601, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1612, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1860, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1872, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1886, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 1983, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2009, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2014, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2018, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2033, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2038, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2048, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2128, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2180, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2281, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2285, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2289, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2294, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2302, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2307, result: no such processJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2746, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2749, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2761, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 2882, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 3021, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 3088, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4391, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4443, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4444, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4445, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4446, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4477, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4481, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 4508, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6054, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6173, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6180, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6208, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6209, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6238, result: successfulJump to behavior
        Source: /tmp/x86_64.elf (PID: 6239)SIGKILL sent: pid: 6239, result: unknownJump to behavior
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
        Source: x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
        Source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
        Source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
        Source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
        Source: classification engineClassification label: mal96.spre.troj.linELF@0/45@30/0

        Persistence and Installation Behavior

        barindex
        Executes the "iptables" command to insert, remove and/or manipulate rules
        Source: /bin/sh (PID: 6388)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Sample reads /proc/mounts (often used for finding a writable filesystem)
        Source: /usr/bin/dbus-daemon (PID: 6257)File: /proc/6257/mountsJump to behavior
        Source: /bin/fusermount (PID: 6284)File: /proc/6284/mountsJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6436)File: /proc/6436/mountsJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6469)File: /proc/6469/mountsJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:75996HrwROiJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76008QIkdBjJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:760151v7MbhJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76022nOpU3hJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76023VAOdakJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76032iVB0QjJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76033LJmSegJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76034dR7P2fJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76035hVG0ciJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76036inF7TiJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76150Kmm8OhJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:762474t88niJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:763496y4IwjJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:763614KIGJiJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76410S7EGlhJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76412ZGsXKiJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76449nzRaygJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:76451TlJb5fJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:77307YkT7DjJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File: /run/systemd/journal/streams/.#9:77320mSLztiJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)Directory: <invalid fd (18)>/..Jump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)Directory: <invalid fd (17)>/..Jump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/seats/.#seat0DfJfOyJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/users/.#127w90FsBJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/users/.#127A12c5yJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/seats/.#seat07OcPUBJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/users/.#127sYZehAJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/users/.#127lf0vXBJump to behavior
        Source: /lib/systemd/systemd-logind (PID: 6300)File: /run/systemd/users/.#1270M1PzyJump to behavior
        Source: /usr/lib/policykit-1/polkitd (PID: 6360)Directory: /root/.cacheJump to behavior
        Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6434)Directory: /var/lib/gdm3/.cacheJump to behavior
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 6419)Directory: /var/lib/gdm3/.pam_environmentJump to behavior
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 6419)Directory: /root/.cacheJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6472/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6472/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6297/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6300/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6277/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6277/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6434/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6257/statusJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6257/attr/currentJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6281/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6281/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6281/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6360/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/1/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6415/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6428/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6428/cmdlineJump to behavior
        Source: /usr/bin/dbus-daemon (PID: 6257)File opened: /proc/6419/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6472/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6277/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/6434/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2078/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2033/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2077/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2074/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2028/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/2302/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1532/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/cgroupJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/commJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/cmdlineJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/statusJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/attr/currentJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/sessionidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/loginuidJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)File opened: /proc/1334/cgroupJump to behavior
        Source: /tmp/x86_64.elf (PID: 6387)Shell command executed: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/x86_64.elf (PID: 6393)Shell command executed: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/x86_64.elf (PID: 6395)Shell command executed: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/x86_64.elf (PID: 6397)Shell command executed: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/x86_64.elf (PID: 6399)Shell command executed: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6365)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6369)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6371)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6373)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6375)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6379)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6381)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6383)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/share/language-tools/language-options (PID: 6425)Shell command executed: sh -c "locale -a | grep -F .utf8 "Jump to behavior
        Source: /bin/sh (PID: 6366)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
        Source: /bin/sh (PID: 6370)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
        Source: /bin/sh (PID: 6372)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
        Source: /bin/sh (PID: 6374)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
        Source: /bin/sh (PID: 6378)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
        Source: /bin/sh (PID: 6380)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
        Source: /bin/sh (PID: 6382)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
        Source: /bin/sh (PID: 6384)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
        Source: /bin/sh (PID: 6427)Grep executable: /usr/bin/grep -> grep -F .utf8Jump to behavior
        Source: /bin/sh (PID: 6388)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /usr/share/gdm/generate-config (PID: 6403)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-serviceJump to behavior
        Source: /usr/bin/dash (PID: 6217)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.sR00XSrcUF /tmp/tmp.2TBPewtrKJ /tmp/tmp.TPf1wIeDb3Jump to behavior
        Source: /usr/bin/dash (PID: 6226)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.sR00XSrcUF /tmp/tmp.2TBPewtrKJ /tmp/tmp.TPf1wIeDb3Jump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)Reads from proc file: /proc/meminfoJump to behavior
        Source: /sbin/agetty (PID: 6368)Reads version info: /etc/issueJump to behavior
        Source: /usr/sbin/gdm3 (PID: 6415)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
        Source: /usr/sbin/gdm3 (PID: 6415)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 6419)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)Jump to behavior
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 6419)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)Jump to behavior
        Source: /usr/sbin/rsyslogd (PID: 6280)Log file created: /var/log/kern.logJump to dropped file
        Source: /usr/sbin/rsyslogd (PID: 6280)Log file created: /var/log/auth.logJump to dropped file
        Source: /usr/bin/gpu-manager (PID: 6364)Log file created: /var/log/gpu-manager.logJump to dropped file
        Source: /usr/bin/gpu-manager (PID: 6364)Truncated file: /var/log/gpu-manager.logJump to behavior
        Source: /usr/bin/pulseaudio (PID: 6281)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 6403)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pulseaudio (PID: 6472)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /bin/busybox (PID: 6394)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/bin/busybox (PID: 6401)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/sbin/rsyslogd (PID: 6280)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/bin/pulseaudio (PID: 6281)Queries kernel information via 'uname': Jump to behavior
        Source: /lib/systemd/systemd-journald (PID: 6283)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6364)Queries kernel information via 'uname': Jump to behavior
        Source: /sbin/agetty (PID: 6368)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/gdm3/gdm-session-worker (PID: 6428)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/bin/pulseaudio (PID: 6472)Queries kernel information via 'uname': Jump to behavior
        Source: kern.log.47.drBinary or memory string: Dec 28 09:06:50 galassia kernel: [ 414.551079] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
        Source: kern.log.47.drBinary or memory string: Dec 28 09:06:50 galassia kernel: [ 414.551063] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase

        Language, Device and Operating System Detection

        barindex
        Reads system files that contain records of logged in users
        Source: /usr/lib/accountsservice/accounts-daemon (PID: 6419)Logged in records file read: /var/log/wtmpJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected Gafgyt
        Source: Yara matchFile source: x86_64.elf, type: SAMPLE
        Source: Yara matchFile source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected Gafgyt
        Source: Yara matchFile source: x86_64.elf, type: SAMPLE
        Source: Yara matchFile source: 6236.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6238.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6239.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid AccountsWindows Management Instrumentation1
        Scripting        		Path Interception1
        File and Directory Permissions Modification        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Encrypted Channel        		Exfiltration Over Other Network Medium2
        Service Stop
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
        Disable or Modify Tools        		LSASS Memory1
        System Owner/User Discovery        		Remote Desktop ProtocolData from Removable Media1
        Non-Standard Port        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Hidden Files and Directories        		Security Account Manager1
        System Network Configuration Discovery        		SMB/Windows Admin SharesData from Network Shared Drive2
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        Indicator Removal        		NTDS11
        File and Directory Discovery        		Distributed Component Object ModelInput Capture3
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        File Deletion        		LSA Secrets3
        System Information Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581683 Sample: x86_64.elf Startdate: 28/12/2024 Architecture: LINUX Score: 96 97 SECURE-NETWORK-REBIRTHLTD.RU 2->97 99 SECURE-NETWORK-REBIRTHLTD.RU 83.222.191.146, 2222, 35342, 52630 NET1-ASBG Bulgaria 2->99 101 6 other IPs or domains 2->101 107 Malicious sample detected (through community Yara rule) 2->107 109 Multi AV Scanner detection for submitted file 2->109 111 Yara detected Gafgyt 2->111 113 2 other signatures 2->113 11 dash rm x86_64.elf 2->11         started        13 systemd gdm3 2->13         started        15 systemd gpu-manager 2->15         started        17 28 other processes 2->17 signatures3 process4 file5 21 x86_64.elf 11->21         started        23 gdm3 gdm-session-worker 13->23         started        35 3 other processes 13->35 25 gpu-manager sh 15->25         started        27 gpu-manager sh 15->27         started        29 gpu-manager sh 15->29         started        37 5 other processes 15->37 95 /var/log/wtmp, data 17->95 dropped 103 Sample reads /proc/mounts (often used for finding a writable filesystem) 17->103 105 Reads system files that contain records of logged in users 17->105 31 accounts-daemon language-validate 17->31         started        33 generate-config pkill 17->33         started        signatures6 process7 process8 39 x86_64.elf 21->39         started        41 x86_64.elf 21->41         started        43 gdm-session-worker gdm-wayland-session 23->43         started        45 sh grep 25->45         started        47 sh grep 27->47         started        49 sh grep 29->49         started        51 language-validate language-options 31->51         started        53 sh grep 37->53         started        55 4 other processes 37->55 process9 57 x86_64.elf sh 39->57         started        59 x86_64.elf sh 39->59         started        61 x86_64.elf sh 39->61         started        72 2 other processes 39->72 63 x86_64.elf 41->63         started        66 gdm-wayland-session dbus-daemon 43->66         started        68 gdm-wayland-session dbus-run-session 43->68         started        70 language-options sh 51->70         started        signatures10 74 sh iptables 57->74         started        77 sh busybox 59->77         started        79 sh busybox 61->79         started        117 Sample tries to kill a massive number of system processes 63->117 119 Sample tries to kill multiple processes (SIGKILL) 63->119 121 Sample reads /proc/mounts (often used for finding a writable filesystem) 66->121 81 dbus-daemon 66->81         started        83 dbus-run-session dbus-daemon 68->83         started        85 sh locale 70->85         started        87 sh grep 70->87         started        89 sh 72->89         started        91 sh 72->91         started        process11 signatures12 115 Executes the "iptables" command to insert, remove and/or manipulate rules 74->115 93 dbus-daemon false 81->93         started        process13

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        x86_64.elf24%ReversingLabsLinux.Backdoor.Mirai
        x86_64.elf100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.24
        		truefalse
          		high
          secure-network-rebirthltd.ru
          		83.222.191.146
          		truefalse
            		high
            SECURE-NETWORK-REBIRTHLTD.RU
            		83.222.191.146
            		truetrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9efalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://www.rsyslog.comsyslog.47.drfalse
                  		high

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  162.213.35.25
                  		unknownUnited States
                  		41231CANONICAL-ASGBfalse
                  83.222.191.146
                  		secure-network-rebirthltd.ruBulgaria
                  		43561NET1-ASBGfalse
                  109.202.202.202
                  		unknownSwitzerland
                  		13030INIT7CHfalse
                  91.189.91.43
                  		unknownUnited Kingdom
                  		41231CANONICAL-ASGBfalse
                  91.189.91.42
                  		unknownUnited Kingdom
                  		41231CANONICAL-ASGBfalse

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  162.213.35.25Aqua.m68k.elfGet hashmaliciousUnknownBrowse
                    wiewa64.elfGet hashmaliciousMiraiBrowse
                      wrjkngh4.elfGet hashmaliciousMiraiBrowse
                        vwkjebwi686.elfGet hashmaliciousMiraiBrowse
                          dwhdbg.elfGet hashmaliciousMiraiBrowse
                            Aqua.arm7.elfGet hashmaliciousMiraiBrowse
                              wnbw86.elfGet hashmaliciousMiraiBrowse
                                Aqua.x86_64.elfGet hashmaliciousMiraiBrowse
                                  Aqua.arm5.elfGet hashmaliciousMiraiBrowse
                                    Aqua.m68k.elfGet hashmaliciousMiraiBrowse
                                      83.222.191.146arm5.elfGet hashmaliciousGafgytBrowse
                                        mpsl.elfGet hashmaliciousGafgytBrowse
                                          arm4.elfGet hashmaliciousGafgytBrowse
                                            mips.elfGet hashmaliciousGafgytBrowse
                                              arm4.elfGet hashmaliciousGafgytBrowse
                                                arm7.elfGet hashmaliciousUnknownBrowse
                                                  x86_64.elfGet hashmaliciousGafgytBrowse
                                                    arm5.elfGet hashmaliciousGafgytBrowse
                                                      mpsl.elfGet hashmaliciousGafgytBrowse
                                                        109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                                                        • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                                                        91.189.91.43arm5.elfGet hashmaliciousGafgytBrowse
                                                          arm6.elfGet hashmaliciousGafgytBrowse
                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                              yakuza.sh.elfGet hashmaliciousMiraiBrowse
                                                                yakuza.sparc.elfGet hashmaliciousMiraiBrowse
                                                                  yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                    yakuza.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                      yakuza.arm7.elfGet hashmaliciousMiraiBrowse
                                                                        yakuza.ppc.elfGet hashmaliciousMiraiBrowse
                                                                          most-mips.elfGet hashmaliciousMiraiBrowse

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            daisy.ubuntu.comyakuza.arm6.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.25
                                                                            yakuza.x86.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.24
                                                                            yakuza.m68k.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.24
                                                                            yakuza.i586.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.24
                                                                            yakuza.i686.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.24
                                                                            arm6.elfGet hashmaliciousGafgytBrowse
                                                                            • 162.213.35.24
                                                                            45.200.149.186-boatnet.arm-2024-12-28T01_23_00.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.24
                                                                            byte.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                            • 162.213.35.25
                                                                            byte.ppc.elfGet hashmaliciousMirai, OkiruBrowse
                                                                            • 162.213.35.24
                                                                            109.176.30.237-boatnet.mpsl-2024-12-27T20_20_43.elfGet hashmaliciousMiraiBrowse
                                                                            • 162.213.35.24
                                                                            secure-network-rebirthltd.ruarm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mips.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm7.elfGet hashmaliciousUnknownBrowse
                                                                            • 83.222.191.146
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            SECURE-NETWORK-REBIRTHLTD.RUarm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mips.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm7.elfGet hashmaliciousUnknownBrowse
                                                                            • 83.222.191.146
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            CANONICAL-ASGBarm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.m68k.elfGet hashmaliciousMiraiBrowse
                                                                            • 185.125.190.26
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 185.125.190.26
                                                                            yakuza.i586.elfGet hashmaliciousMiraiBrowse
                                                                            • 185.125.190.26
                                                                            arm6.elfGet hashmaliciousGafgytBrowse
                                                                            • 91.189.91.42
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.sh.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.sparc.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            INIT7CHarm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 109.202.202.202
                                                                            arm6.elfGet hashmaliciousGafgytBrowse
                                                                            • 109.202.202.202
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 109.202.202.202
                                                                            yakuza.sh.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            yakuza.sparc.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            yakuza.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            yakuza.arm7.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            yakuza.ppc.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            most-mips.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.202.202.202
                                                                            CANONICAL-ASGBarm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.m68k.elfGet hashmaliciousMiraiBrowse
                                                                            • 185.125.190.26
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 185.125.190.26
                                                                            yakuza.i586.elfGet hashmaliciousMiraiBrowse
                                                                            • 185.125.190.26
                                                                            arm6.elfGet hashmaliciousGafgytBrowse
                                                                            • 91.189.91.42
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.sh.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.sparc.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            yakuza.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                            • 91.189.91.42
                                                                            NET1-ASBGarm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mips.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm4.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm7.elfGet hashmaliciousUnknownBrowse
                                                                            • 83.222.191.146
                                                                            x86_64.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            arm5.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            mpsl.elfGet hashmaliciousGafgytBrowse
                                                                            • 83.222.191.146
                                                                            putty.exeGet hashmaliciousSmokeLoaderBrowse
                                                                            • 94.156.177.51

                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

                                                                            Download File
                                                                            Process:/usr/bin/pulseaudio
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):10
                                                                            Entropy (8bit):2.9219280948873623
                                                                            Encrypted:false
                                                                            SSDEEP:3:5bkPn:pkP
                                                                            MD5:FF001A15CE15CF062A3704CEA2991B5F
                                                                            SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                                                            SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                                                            SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:auto_null.

                                                                            /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

                                                                            Download File
                                                                            Process:/usr/bin/pulseaudio
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):18
                                                                            Entropy (8bit):3.4613201402110088
                                                                            Encrypted:false
                                                                            SSDEEP:3:5bkrIZsXvn:pkckv
                                                                            MD5:28FE6435F34B3367707BB1C5D5F6B430
                                                                            SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                                                            SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                                                            SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:auto_null.monitor.

                                                                            /proc/6439/oom_score_adj

                                                                            Download File
                                                                            Process:/usr/bin/dbus-daemon
                                                                            File Type:very short file (no magic)
                                                                            Category:dropped
                                                                            Size (bytes):1
                                                                            Entropy (8bit):0.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:V:V
                                                                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:0

                                                                            /run/gdm3.pid

                                                                            Download File
                                                                            Process:/usr/sbin/gdm3
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):5
                                                                            Entropy (8bit):2.321928094887362
                                                                            Encrypted:false
                                                                            SSDEEP:3:/:/
                                                                            MD5:2C3FC6532DA881CF8062A54DAA76DE73
                                                                            SHA1:F3EED625D08572C488C39CF865934F6929DA8AB5
                                                                            SHA-256:2BE5390DBD5BCF633B65EC9CB4F9F78857DBFD53463AC0C1D58247D76578F491
                                                                            SHA-512:03C2E4F9E7481292F8881D87533DA66B05BC703BA13EB54B8C4D65125C5BEB5CF499A5B75217971C23701E5B3EE614CCCE9ABC91E8482290701A58667862211F
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:6415.

                                                                            /run/systemd/journal/streams/.#9:75996HrwROi

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):223
                                                                            Entropy (8bit):5.4864548466494085
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm6K3Vaz+95THhg2jsv:SbFuFyLVIg1BG+f+M6K4+/j22ji4s
                                                                            MD5:978E163EBDB078EA0B1422E7DDF4D905
                                                                            SHA1:27B287874D353720B86E126CC77A55561357C7E4
                                                                            SHA-256:4437E53F409BE3AEBD7A67BEEB7340629B8E34262B6BCB28AE54E4650A620EB0
                                                                            SHA-512:C25F0AFEE68E81A7AFAD0B66320F35A4E2EA197EFD0BD35B294FD4DF5D7A2999220FE6A0049CCBBCCE4F85DF228C872A0C368EC33E5CE9E436A1B9443D0D8BE5
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=016440364c574e7eaed31e1902e964d5.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

                                                                            /run/systemd/journal/streams/.#9:76008QIkdBj

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):207
                                                                            Entropy (8bit):5.414434812291064
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm7XDzrR2jhEUCuqjsc:SbFuFyLVIg1BG+f+MzF2uQqjosQu
                                                                            MD5:D5BAAAA9EE6522DDED49110DCCCAA6EE
                                                                            SHA1:A566CEE1DCCF1C7CD53BA97E9E5B9337A1523DFD
                                                                            SHA-256:32157E6670385842F6B8440AD4FDF6029F49FDFB9375849F80B4282930025A92
                                                                            SHA-512:038727EE1385B4B8EC2625CEE30ECCD9F1807B3C1F58F9A7CB0FFC1A7B835C768361FFC94FC98688FE6B739DD96070194F07BBE686E3F67A17935F405A6E2EA8
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1ce26d5a8c214de5882578a077ef1f55.IDENTIFIER=dbus-daemon.UNIT=dbus.service.

                                                                            /run/systemd/journal/streams/.#9:760151v7Mbh

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):208
                                                                            Entropy (8bit):5.389461455657177
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmp4/gbshnCAyg2jsmM:SbFuFyLVIg1BG+f+MqY4kLg2jdCLKzK
                                                                            MD5:C6FA17546B36105A9C8B070468F56A10
                                                                            SHA1:5F263654E72BBBCAB5FC9440827EC5D06B671D49
                                                                            SHA-256:23E1B144B2B36116084CE3EB2FD5C2367B7AEA59C1F20CF921941F7ED495D04D
                                                                            SHA-512:D9762AE651797C1FA34598482DC2128EB9DFE5B549DD9AC08C0CAEAA38BDF684323D2AC7D024515308A3FFBDC876077884289AEAE8694C3FA0A79DEF0DB395D6
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ca4a377209f44b08982b6bb666ce87b7.IDENTIFIER=whoopsie.UNIT=whoopsie.service.

                                                                            /run/systemd/journal/streams/.#9:76022nOpU3h

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):5.360018203093052
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm/bXBS+KpMc0hTjshQ:SbFuFyLVIg1BG+f+MY8c0jtWL0
                                                                            MD5:3E51CADA699DA66B1C4131EA9BD50E08
                                                                            SHA1:2A0D80C3C34B4818E63877D2096FDAC0DF76E12E
                                                                            SHA-256:DACE663E4650C1E2AB6CDBC48167C7162F6F11931F10FC7907493165AFC97D7E
                                                                            SHA-512:0A26F79B9C992206A2763B9D6C19B1CB5DDD4401DE4CA64DB0CC3087B66886B6C1179F5B8FD2129FB87CEB8ED42B17C8BC2DF74088F52D20A1BC90FF1992BC96
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=5392d7ee667b4a01ad2cb81ae4e9a8f9.IDENTIFIER=pulseaudio.

                                                                            /run/systemd/journal/streams/.#9:76023VAOdak

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):216
                                                                            Entropy (8bit):5.458372627356696
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmzIDDLtNniWXM0uqja:SbFuFyLVIg1BG+f+MMDD3ndM0uqjNE
                                                                            MD5:9F97CF3C9203BB2B6462C90A5D3CF018
                                                                            SHA1:BFF5E1EF7A41DA63295480547C4B3149ECD9F717
                                                                            SHA-256:A7881E3D49982DFE0C3B85937BD21DBF84013095EA4216F01B2A28C4D90A18C2
                                                                            SHA-512:0119D7787D98F7EF9995DDD078842E4A9986D6A9EF4A5E6A2F975A1FF6B4EA3C3CD4462E94C1B8EDE8BC534EFE0666C5722CE1B14A8D0AA6E0A86EB4DBB760CF
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=96a53f6bbfcc4239bf71eb32830383e5.IDENTIFIER=rtkit-daemon.UNIT=rtkit-daemon.service.

                                                                            /run/systemd/journal/streams/.#9:76032iVB0Qj

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):220
                                                                            Entropy (8bit):5.505176729522569
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyLVIg1BG+f+MoQs6WvZjZcHcljX+:qgFq6g10+f+MobmAu
                                                                            MD5:2CC7751A78E8DE9DEE771000A771DABA
                                                                            SHA1:320B845C766AE019C6A006FD3EB6AFEA79CD4388
                                                                            SHA-256:CCECD38BDECAA316EDF6F119AFE9588A6F7CA6A6DFEF554014EEFD3FE21A84E8
                                                                            SHA-512:3B4F9E4CCC2D38D237D53BAF6A67DFB80443FBBB1F3DC1FE87717F3AE5E8692FD4E0AB2D0F15229F3FDF35BFBE9FC2EF007878586702783F52857DCF8E8D36BA
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b947f93273ff4aa5b8fe8b5828392a0c.IDENTIFIER=systemd-logind.UNIT=systemd-logind.service.

                                                                            /run/systemd/journal/streams/.#9:76033LJmSeg

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):205
                                                                            Entropy (8bit):5.398192642978615
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4AahxXH7zcKls2ls4:SbFuFyLVIg1BG+f+M4vX7zD8jbVC
                                                                            MD5:36AC9E5815D2765B52904D59E06F7669
                                                                            SHA1:F19AE0D2855BE7604E5F98C1DE3D2B100046D872
                                                                            SHA-256:49EAE39E55A938D00346A0E301B9EA47085EAD8AE426309CBCA2C13AA2A76253
                                                                            SHA-512:81F1E5E4F1B7B5E016B66DB49E4CC32750D005EE71E7D477AD55B3A197BE7EFD3F39A2849A780786D6970547842219CDF6CBA160218DC96187FD5C52800308EC
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2e591afde9ef43a2bb7c44094017b77c.IDENTIFIER=polkitd.UNIT=polkit.service.

                                                                            /run/systemd/journal/streams/.#9:76034dR7P2f

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):208
                                                                            Entropy (8bit):5.429195410015306
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm9HVXmoBYHcBwGFlsS:SbFuFyLVIg1BG+f+MfBOcBpF2jLkGq
                                                                            MD5:AF226F421B5AF135501EDE0958F6814D
                                                                            SHA1:1B005770B7524EB808712471FAD586B5538F4934
                                                                            SHA-256:CB25D4CCDB673AFF1A46447F1D572FB873B8CAA53A4FDBFE9413D886DE5B9208
                                                                            SHA-512:00195F46C0132B37A9E4591CB073DC8C6BBF4B68E3C6BA84E3F515A26D781A07194C73F6EF97FD8800076801BAE67403819F0F5A2219F6A3717DFB2749DE4DFD
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=791590c7d6bc49fcb11352d652a9d7fa.IDENTIFIER=agetty.UNIT=getty@tty2.service.

                                                                            /run/systemd/journal/streams/.#9:76035hVG0ci

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):210
                                                                            Entropy (8bit):5.437044683981279
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmuokHH4dFerZjs2ALAXA:SbFuFyLVIg1BAf+MuoOwujNALyAZD
                                                                            MD5:A2F7E8D7F766B57390BF60E614052FB3
                                                                            SHA1:42FCB65E2E2A42C283D17A447E925A7DD398537D
                                                                            SHA-256:4BF701AB472E4C4357D833648E2F5FE57D1CE0BAE4E7F4F94631B5CA25AFA2A2
                                                                            SHA-512:EB1B3A801BB34F4D9924DA68B4FD643D80B11A558F19AC8983785CF742111275AFE5D1AEB9D706A3E8B5616DB3E4794D00A127E472571DB2496AB2B81AF088E6
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ddc8eddbc2104f0785d3283db30693b4.IDENTIFIER=generate-config.UNIT=gdm.service.

                                                                            /run/systemd/journal/streams/.#9:76036inF7Ti

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):223
                                                                            Entropy (8bit):5.550953879699913
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmugTGEuQBJ/T1uqjsv:SbFuFyLVIg1BG+f+MugTSQBJ/TQqji4s
                                                                            MD5:5B40BD016361EB77010429432F9ED992
                                                                            SHA1:7C5FAD8CC794D57B4FC504D48FCFCAF04E716CD9
                                                                            SHA-256:3AF936C35686A0B15D29AD2A898DA219EDFB59D0D27942462A3624B0CCBA0D7A
                                                                            SHA-512:D09D15FED1295D3DACEE7435A2D460C61F6D07BFCC0977A4DD456C0204B97FB64C40AF289D2F136508E964EF8E0B1BDA190264781AEF4BD39E3A77BFE6BB5F9D
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dbe6cc467fd2479f8032c5d599d94647.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

                                                                            /run/systemd/journal/streams/.#9:76150Kmm8Oh

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):228
                                                                            Entropy (8bit):5.447026884924944
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyLVIg1BG+f+Mu8Z0Ri2jdCt/rRMtq:qgFq6g10+f+MeRpCDL
                                                                            MD5:D8BB8AD09DD3CBB5B8A9F3F6E713EE7A
                                                                            SHA1:9530FAD356BAE1FA53AEE00342ED2DD1B10B35EF
                                                                            SHA-256:92F433B4E196778B10F31A0ABD8ACB729136D9B45A6889D57B92B653FDF94FDA
                                                                            SHA-512:4E922B8BB2EA36BDF81E86BCE9F4380A63AC45D7E64D95795329E21E4EA063E67ACD21C1966B7A6C41CCECD3A7277C25367A137E6517FDA4D860990AF8336B09
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=df6e2929310e4762a732698bd4ade6b4.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.

                                                                            /run/systemd/journal/streams/.#9:762474t88ni

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):211
                                                                            Entropy (8bit):5.471139472656014
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmzyuWPXOsjs2BbQIeXGu:SbFuFyLVIg1BAf+MmvDjNdQIeXD
                                                                            MD5:758F1DE1AA67AC8DD1BECEAB08F39FF4
                                                                            SHA1:77A689BE2F1035EA2EA8C112BC4A4369C0870F98
                                                                            SHA-256:7A9DCEB727E55A4871188425CF1BC747280158EB8225D1D1811A9C0CBE0E0CEE
                                                                            SHA-512:293EF2AA8F508F34FC940AB6A81364C389E1B671165EF69EC8E650BB74CC3C8BB95824E08F2F54E10411195C19D8659FABA2DFAFED43D0A5783B2A446959179E
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9270491ba3f2495f9a5a9b316794c06a.IDENTIFIER=gdm-wait-for-drm.UNIT=gdm.service.

                                                                            /run/systemd/journal/streams/.#9:763496y4Iwj

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):199
                                                                            Entropy (8bit):5.374122074700537
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxm9aHGQV6uGBVPRwxsjsa:SbFuFyLVIg1BAf+M4mQcPUqjNTZD
                                                                            MD5:993D9AD1B9EC568E4227B0C06569A7B9
                                                                            SHA1:2C31692FCB63F600E896BD622C2CAE74A4D44A6D
                                                                            SHA-256:14F8A5410B4BC4A44613B07017968D0F98AC4FACA600EE9FF87F6832F211662D
                                                                            SHA-512:1A1E2D5C889AE6B754B57035CF1CD500F1546EAAD40D6899BB81F9ED1F161629659A8FA00834C5F03B6D28EDFD247F5DE7F05F7F5B30A28770099CA9E4BBC69D
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7f5a1093bc504c559ac2c07cd0b0fd41.IDENTIFIER=gdm3.UNIT=gdm.service.

                                                                            /run/systemd/journal/streams/.#9:763614KIGJi

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):222
                                                                            Entropy (8bit):5.445072424908977
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyLVIg1BG+f+M8osXVQ8Xx1RqjLTTIWTIL:qgFq6g10+f+M8ZX68h6EWEL
                                                                            MD5:618DE59D482E0C22CBDF2339DC4A998F
                                                                            SHA1:1C783D30F7C904DEC88C4B2D55F7A906D085E917
                                                                            SHA-256:84D109524663287B5DDEB14FA8315641F9161860768E83B52CF08FC6F51B9589
                                                                            SHA-512:479DFD81852FA57CFA583046664FE4EDF19C74A9DDC1CCF26D07D26BA8300EBB18FA5F15C927B4CE3EBFE7EA21E2D10F6AEC390A66D46E08111294F239B0D4A3
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6a7d7089278f4e50827c511261929d05.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.

                                                                            /run/systemd/journal/streams/.#9:76410S7EGlh

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):195
                                                                            Entropy (8bit):5.445187988542476
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm9ERByM9DcrF0jsz:SbFuFyLVK6g7/+BG+f+MOny3rF0jNq
                                                                            MD5:1F52340C95B655EB091C98F9CA631DBB
                                                                            SHA1:283AACBB3B285EF3A4886E40DC4F153C6FC6B2E1
                                                                            SHA-256:C6C157E91A095ED75AFB6D8197D7748FEEDEEF8A5B75C1ED3CF9EFF59E7F5271
                                                                            SHA-512:0F673D3EF7A07D95D7B66D1211887ABE8D8BD1F6099BF59DEFF4FD8C6F91DFA183FF53A4E81433E94563B81D22E94A1B59A07A85BC1301CA886386870AC174D8
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=78c4d4cb317b43f5b8f51b7570d9dbf5.IDENTIFIER=gdm-session-worker.

                                                                            /run/systemd/journal/streams/.#9:76412ZGsXKi

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):195
                                                                            Entropy (8bit):5.372333419227876
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmppdXC0oRn0FmssH:SbFuFyLVI6g7/+BG+f+Mjo+/jNq
                                                                            MD5:D6F5F5E5FA0964808973B4743E142A82
                                                                            SHA1:73CC8A816623287D5417A8D51900C0B1D3A1ACE2
                                                                            SHA-256:67BF47417A9CB6BFF56AF70F5F05F5C799DAA75F342ECAC5C17718A6BB89FF47
                                                                            SHA-512:2437AED3A5729E9848DB9F6CA76B47E9C63FE1B5E8B6C4231D3AED310EC57973C1A02C7DCFA97EFAE5929AB2BB5DD6B8A0E054A585A92651A85ED46F23CCD105
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cae824b1b14744d4a877577040c67bd6.IDENTIFIER=gdm-session-worker.

                                                                            /run/systemd/journal/streams/.#9:76449nzRayg

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):210
                                                                            Entropy (8bit):5.517416139399143
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyLVK6g7/+BG+f+MWDFVZjFQMzKaBu:qgFqo6g7/+0+f+MWp5Tmh
                                                                            MD5:C31B5AD74B5CBB70A58C03455232F6A5
                                                                            SHA1:4BA524626E5534D0F73E015F8AA4A8BABF827ABC
                                                                            SHA-256:1985D38D2671EC9ED5D3FBB24428428549E819CA5C24E828188A0925D911F924
                                                                            SHA-512:6C61DBEE3921B67D13E44588ADB6E869BFA24E7433EFC112D18B3D5415A948B68380260E1E8693FC11E2CEC2D0DB8B31AB854D89EA424D213592CBD064FCCB94
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9d1c5c171dd24990afa5d31641487c10.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.

                                                                            /run/systemd/journal/streams/.#9:76451TlJb5f

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):210
                                                                            Entropy (8bit):5.513821437007888
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyLVI6g7/+BG+f+M+3PzS2jFQMzKaBu:qgFqdg7/+0+f+MemETmh
                                                                            MD5:590469F6580E8B26EB3DB13C73590788
                                                                            SHA1:F71BC17B92C8BA0C9E3F7E3947D2CA1536672846
                                                                            SHA-256:F25B71DEC7355E192A8590671437DCB2D5EC68161BE0E64DC32E1CF51881DDDE
                                                                            SHA-512:1A445A30406C98E39F81980CA535FEB7AF2F1EA55419C6D0CB257002A0BCC1657F39E09459B987DF62780E13E5DFC92958481D23E1B7F34BD05C22E4A274CBE7
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=312d76cd83c04bc3b6591b016bbc5900.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.

                                                                            /run/systemd/journal/streams/.#9:77307YkT7Dj

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):189
                                                                            Entropy (8bit):5.391402276716052
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm/l9zofTBSSHSSWky4:SbFuFyLVIg1BG+f+Md9oBSSBWPYTjoa
                                                                            MD5:85FA9F3F2EF94BA9618A3BF1175DF029
                                                                            SHA1:109C59413C931BD512EF0313E24A300EF15777FF
                                                                            SHA-256:9E6B3C2F24AD853A05CF2BECA3A6D388B03B821E05671EBC5EFDB7C0602BFFCD
                                                                            SHA-512:24E3B50D4AB23E2BEACB50ED81AB82E638A18FF4BF038A47FC8C0249D5C925D068F34292CCF25D703662B10BA4A0557A21945C82286496EF21E9108E1127CEA7
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=586fb8bfd4a84947ac6d77b77396bc9c.IDENTIFIER=dbus-daemon.

                                                                            /run/systemd/journal/streams/.#9:77320mSLzti

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):5.374894434380976
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsGY4QUBQAWG9nU2lm:SbFuFyLVIg1BG+f+MsGpQvzc2jtWL0
                                                                            MD5:D6D53E3DA7E581245D9ADEC438C55B7A
                                                                            SHA1:77BA275C973BBC2CE4149600EE17C324A3E7B7D2
                                                                            SHA-256:42BA84A2AC190E71754197386F446544565F98FA182D49BCFA1894FD61CD5CD8
                                                                            SHA-512:D6E8B58D37790F580EFFBBED5F45479772177DD6DFF93B0E604434F71285ED25586C46D6BE137282A1763CE0D7EF2DA6D8E5301FBCF3CA0DE535B4AECAB76CF4
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f0887fed4c6a4a699e72458a23ca14db.IDENTIFIER=pulseaudio.

                                                                            /run/systemd/seats/.#seat07OcPUB

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):116
                                                                            Entropy (8bit):4.957035419463244
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
                                                                            MD5:66D114877B3B4DB3BDD8A3AD4F5E7421
                                                                            SHA1:62E0CB0F51E0E3F97BE251CB917968DFF69ED344
                                                                            SHA-256:A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
                                                                            SHA-512:5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.

                                                                            /run/systemd/seats/.#seat0DfJfOy

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):95
                                                                            Entropy (8bit):4.921230646592726
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
                                                                            MD5:BE58CCABC942125F5E27AF6EB1BA2F88
                                                                            SHA1:07C20F55E36EE48869B223B8FC4DBC227C7353AC
                                                                            SHA-256:551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
                                                                            SHA-512:E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.

                                                                            /run/systemd/users/.#1270M1Pzy

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):223
                                                                            Entropy (8bit):5.486761295461982
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff68CgCSbOt65:qgFq30dABibBAgCWOI5
                                                                            MD5:F449C74EB6AD41EFF1240C1B19BE9FC0
                                                                            SHA1:38EEC51A279236BD8DCDBA5ACD116C0D3AE34812
                                                                            SHA-256:EE8B59E402E28C4886C4703E2D8FF82D7D96DA829B7A04322945386BC790E18C
                                                                            SHA-512:E4DB20ADE779A29C0E722E5622451036920B3608D33D81DC0DD8D26D4738A3627745065F3F68827C2163472DBDA51DF7479A6B793DDA7BED9358C4F2F351634D
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12349.REALTIME=1735398434690887.MONOTONIC=439626696.LAST_SESSION_TIMESTAMP=439709618.

                                                                            /run/systemd/users/.#127A12c5y

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):282
                                                                            Entropy (8bit):5.323938653202264
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6NEJgCSb12thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBEEJgCW8thQHtPYq9M
                                                                            MD5:F054B7BE2C9145D410A87EEED4373CD1
                                                                            SHA1:87989956D271EF7F2D9F62814648BB28848865E2
                                                                            SHA-256:9C3F2AF651375A91D64C8908243142BE4C877DE6376752D675AE34C9E7AB29BE
                                                                            SHA-512:97C0D8FBFB34A87D871E71434B242C4CD4070ED68D9C6FE526A94DB645B3A0D99C2750138869D6B098EFD0352BF0F59A8196334964353D10945CC1475976CAB8
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12287.REALTIME=1735398434690887.MONOTONIC=439626696.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

                                                                            /run/systemd/users/.#127lf0vXB

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):174
                                                                            Entropy (8bit):5.330373994718349
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMs5BuSgdNR2sKiYiesnAv/XSHxJgAeQtSve4CkTO206qodea:SbFuFyL3BVgdL87iesnAiRJgCSbOt65
                                                                            MD5:221F217CADBBFC10BAB048066EAAA46A
                                                                            SHA1:B2F1C3D395DE3F5EE28B1E9A453460B51E578829
                                                                            SHA-256:1E822A5EF975D1871E9217488296E661156FBAEC457CC5ED2E1FCDC0745779E1
                                                                            SHA-512:1BF371E9EAC4FFBFAB6D7FABFC3015543E01D57814A64CF35C39BE95B51F3F9D7689475A3CEB6658DC32122456DBA1913E7E32EB8CBDAC3124C273285CD43D6C
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1735398434690887.MONOTONIC=439626696.LAST_SESSION_TIMESTAMP=439709618.

                                                                            /run/systemd/users/.#127sYZehA

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):282
                                                                            Entropy (8bit):5.323938653202264
                                                                            Encrypted:false
                                                                            SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6NEJgCSb12thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBEEJgCW8thQHtPYq9M
                                                                            MD5:F054B7BE2C9145D410A87EEED4373CD1
                                                                            SHA1:87989956D271EF7F2D9F62814648BB28848865E2
                                                                            SHA-256:9C3F2AF651375A91D64C8908243142BE4C877DE6376752D675AE34C9E7AB29BE
                                                                            SHA-512:97C0D8FBFB34A87D871E71434B242C4CD4070ED68D9C6FE526A94DB645B3A0D99C2750138869D6B098EFD0352BF0F59A8196334964353D10945CC1475976CAB8
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12287.REALTIME=1735398434690887.MONOTONIC=439626696.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

                                                                            /run/systemd/users/.#127w90FsB

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-logind
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):4.928997328913428
                                                                            Encrypted:false
                                                                            SSDEEP:3:SbFVVmFyinKMs5BuSgVuMI2sKiYiesnAv/XS12K2hwEY8mTQ2pJi22sQ2KkmD2pi:SbFuFyL3BVgVuR257iesnAi12thQc2p4
                                                                            MD5:065A3AD1A34A9903F536410ECA748105
                                                                            SHA1:21CD684DF60D569FA96EEEB66A0819EAC1B2B1A4
                                                                            SHA-256:E80554BF0FF4E32C61D4FA3054F8EFB27A26F1C37C91AE4EA94445C400693941
                                                                            SHA-512:DB3C42E893640BAEE9F0001BDE6E93ED40CC33198AC2B47328F577D3C71E2C2E986AAAFEF5BD8ADBC639B5C24ADF715D87034AE24B697331FF6FEC5962630064
                                                                            Malicious:false
                                                                            Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

                                                                            /run/user/1000/pulse/pid

                                                                            Download File
                                                                            Process:/usr/bin/pulseaudio
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):5
                                                                            Entropy (8bit):2.321928094887362
                                                                            Encrypted:false
                                                                            SSDEEP:3:s:s
                                                                            MD5:36920578F5EFD6C5F54AFBCAE4694A1E
                                                                            SHA1:94D1B02B8457EE631D9F848AC73EA17C82E410F7
                                                                            SHA-256:9640860F81DF1E12F2768F7310B12614468C5F8EE8F24F5C9457B45D79F9F778
                                                                            SHA-512:D3ED1004E0C66F2CD8D468FCC6174FD72DDC2F19917F844D18B1454077F5C07BA412997C408107976DEC8FEE4BDAD6FADD1671F81CB6578E897FDFA6504C308D
                                                                            Malicious:false
                                                                            Preview:6472.

                                                                            /run/utmp

                                                                            Download File
                                                                            Process:/sbin/agetty
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):384
                                                                            Entropy (8bit):0.6775035134351415
                                                                            Encrypted:false
                                                                            SSDEEP:3:5CsXlXEWtl/vl+b2/:d+yl8b2
                                                                            MD5:EF5F44D542A0A588FA32270CEF206170
                                                                            SHA1:4913F782E70E4161A008269E06D13F592F73AB80
                                                                            SHA-256:DEC4C223E7651E2476EA2F9755C98CE489F78551467D1052D25413CBBFD0BAD2
                                                                            SHA-512:069EBEB81AC36D4797ECE6AADFC3869FBBB7322F5D73BE2BF9E61444A765ABEDBAFC5F37873585511064B0B94C87CF44CFD3C5CBC001DDB49F9E846090A69E31
                                                                            Malicious:false
                                                                            Preview:........tty2.tty2.......................tty2LOGIN.....................................................................................................................................................................................................................................................................................................pg........................................

                                                                            /var/lib/AccountsService/users/gdm.7G3OZ2

                                                                            Download File
                                                                            Process:/usr/lib/accountsservice/accounts-daemon
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):61
                                                                            Entropy (8bit):4.66214589518167
                                                                            Encrypted:false
                                                                            SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
                                                                            MD5:542BA3FB41206AE43928AF1C5E61FEBC
                                                                            SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
                                                                            SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
                                                                            SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
                                                                            Malicious:false
                                                                            Preview:[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

                                                                            /var/lib/ubuntu-drivers-common/last_gfx_boot

                                                                            Download File
                                                                            Process:/usr/bin/gpu-manager
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):25
                                                                            Entropy (8bit):2.7550849518197795
                                                                            Encrypted:false
                                                                            SSDEEP:3:JoT/V9fDVbn:M/V3n
                                                                            MD5:078760523943E160756979906B85FB5E
                                                                            SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
                                                                            SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
                                                                            SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
                                                                            Malicious:false
                                                                            Preview:15ad:0405;0000:00:0f:0;1.

                                                                            /var/log/auth.log

                                                                            Download File
                                                                            Process:/usr/sbin/rsyslogd
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):2318
                                                                            Entropy (8bit):4.889474550613872
                                                                            Encrypted:false
                                                                            SSDEEP:24:LnA/x5wtFdpA/x5xtFd9Z4BPZeasYGsg/gcgapAvWA2+Va0pYroJrGFrCQurCQU:Lnmx5cpmx5vZekxEvHfVlYrOrOrCnrCn
                                                                            MD5:23464E43A9A236C7B1B0F47C271B64A2
                                                                            SHA1:AF6C842FDE1811526C69B10BC831A6B5A7C94C01
                                                                            SHA-256:8C72848803507D6EB6642B6262E55144646B8FABD69ABCE19AF645B8566CBAC4
                                                                            SHA-512:47BBBF54130837AB67312FCED1E5342AFD1B07576F42C30DF3E08F71C8D46EADE0D47A7A09A47740625C13061033788A682EDDF8F52F8B4AFB49716813BB42C5
                                                                            Malicious:false
                                                                            Preview:Dec 28 09:07:00 galassia gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm.Dec 28 09:07:00 galassia systemd-logind[797]: Failed to abandon session scope, ignoring: Transport endpoint is not connected.Dec 28 09:07:00 galassia systemd-logind[797]: Session 2 logged out. Waiting for processes to exit..Dec 28 09:07:00 galassia systemd-logind[797]: Failed to abandon session scope, ignoring: Transport endpoint is not connected.Dec 28 09:07:00 galassia systemd-logind[797]: Session c2 logged out. Waiting for processes to exit..Dec 28 09:07:01 galassia systemd-logind[6300]: Failed to add user by file name 127, ignoring: Invalid argument.Dec 28 09:07:01 galassia systemd-logind[6300]: Failed to add user by file name 1000, ignoring: Invalid argument.Dec 28 09:07:01 galassia systemd-logind[6300]: User enumeration failed: Invalid argument.Dec 28 09:07:01 galassia systemd-logind[6300]: User of session c2 not known..Dec 28 09:07:01 galassia systemd-logind[63

                                                                            /var/log/gpu-manager.log

                                                                            Download File
                                                                            Process:/usr/bin/gpu-manager
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):1371
                                                                            Entropy (8bit):4.8296848499188485
                                                                            Encrypted:false
                                                                            SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
                                                                            MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
                                                                            SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
                                                                            SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
                                                                            SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
                                                                            Malicious:false
                                                                            Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

                                                                            /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):240
                                                                            Entropy (8bit):1.4226312153993532
                                                                            Encrypted:false
                                                                            SSDEEP:3:F31HlBtUkH7XLtUkH:F3xCM77CM
                                                                            MD5:70D4534928E749AB98607872D8771A5D
                                                                            SHA1:64112F20449D58A1856C82A64ED4BC3845E22F70
                                                                            SHA-256:3F4B752C78C5B7954D9099C8FB7B8866AA48293697C81149A7F56A3B0FCFEA46
                                                                            SHA-512:D0FC91D6DF97D413C27272BFDF07B0F95D17457B61B784BF3BC9AB67C16FAF52FFEFD50A29BAE0439632E8EFC5065D1E75423E0E88E878B0B675EDE76E47FD7D
                                                                            Malicious:false
                                                                            Preview:LPKSHHRH................c.H.;O.......\................................c.H.;O.......\........................................................................................................................................................

                                                                            /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

                                                                            Download File
                                                                            Process:/lib/systemd/systemd-journald
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):240
                                                                            Entropy (8bit):1.4595260194504922
                                                                            Encrypted:false
                                                                            SSDEEP:3:F31Hlyep3X/aep3:F3J5
                                                                            MD5:AA558D9969FDED5883200F28B9EBF260
                                                                            SHA1:FC63441E22B6B48966A7ADC696D43F7C89E0674A
                                                                            SHA-256:59F6783C43E93CEA2897A67351A85CF1DB901039ED521949167A83FF760AE592
                                                                            SHA-512:699F317359DC715BB299E8F012783B87D978C93DEE88E847B92CD5E0868FCFA05FF6E0DBDF0222C5696E4B74428EEDCD1FC92A8D2414A367D62BC69C4125CDF4
                                                                            Malicious:false
                                                                            Preview:LPKSHHRH................x..7..F..>0....................................x..7..F..>0............................................................................................................................................................

                                                                            /var/log/kern.log

                                                                            Download File
                                                                            Process:/usr/sbin/rsyslogd
                                                                            File Type:ASCII text, with very long lines (641)
                                                                            Category:dropped
                                                                            Size (bytes):14179
                                                                            Entropy (8bit):4.968599672721014
                                                                            Encrypted:false
                                                                            SSDEEP:192:ybVa+n7ayNjWo5XaPJ6jtr80VXbmS492AFu6uuruJxdDOtmLB6HTRJQudBSuSDuh:IN7T5tZ/KpIG1MO0XTO2EaTnU
                                                                            MD5:12F7E1AECCD5E7607B67F2069833A4E4
                                                                            SHA1:A55701BE87156EC8325DEA7DB13C6E066E55B9EF
                                                                            SHA-256:2041B9E8BE52F98EF10A52ADDB8D81451F6F480D465D90F99312FE4E7E6613AD
                                                                            SHA-512:8F4443C1E9C360612111F3928BF65FC15D58543F537329E339B32AA91BEF74A0D61C925425B288FDE1768C12D2AD162C6DE6E6616CF956C37B3B354BF54468CE
                                                                            Malicious:false
                                                                            Preview:Dec 28 09:06:50 galassia kernel: [ 413.692045] blocking signal 9: 6239 -> 797.Dec 28 09:06:50 galassia kernel: [ 413.820532] blocking signal 9: 6239 -> 936.Dec 28 09:06:50 galassia kernel: [ 413.831910] blocking signal 9: 6239 -> 1320.Dec 28 09:06:50 galassia kernel: [ 413.862357] blocking signal 9: 6239 -> 1334.Dec 28 09:06:50 galassia kernel: [ 413.885694] blocking signal 9: 6239 -> 1335.Dec 28 09:06:50 galassia kernel: [ 414.223308] blocking signal 9: 6239 -> 1860.Dec 28 09:06:50 galassia kernel: [ 414.239836] blocking signal 9: 6239 -> 1872.Dec 28 09:06:50 galassia kernel: [ 414.258636] blocking signal 9: 6239 -> 1983.Dec 28 09:06:50 galassia kernel: [ 414.315504] blocking signal 9: 6239 -> 2048.Dec 28 09:06:50 galassia kernel: [ 414.551044] ------------[ cut here ]------------.Dec 28 09:06:50 galassia kernel: [ 414.551045] kernel_write_unchecked failed with: -512.Dec 28 09:06:50 galassia kernel: [ 414.551062] WARNING: CPU: 1 PID: 6238 at /root/joeboxdriver/monitor/sysc

                                                                            /var/log/syslog

                                                                            Download File
                                                                            Process:/usr/sbin/rsyslogd
                                                                            File Type:ASCII text, with very long lines (641)
                                                                            Category:dropped
                                                                            Size (bytes):48029
                                                                            Entropy (8bit):5.0992688690620644
                                                                            Encrypted:false
                                                                            SSDEEP:768:5rWcS22UQm6UQmS9UQm/2j7XqzDIIZlDqUoOtOmSwNfr/ddDPZ6OiUKw8mHdxr7v:5rHY9Eqe
                                                                            MD5:94BC94617D436304DAFC4FF15BDF7CA1
                                                                            SHA1:38AADF17DD773DF4B8F1509864AECDD39D917206
                                                                            SHA-256:1E9CB3666CD67E80CC8AFC4AEC06F7F4CD9ADB4DFE6A89C60B8D83C7C4F68B97
                                                                            SHA-512:975DAE02F593A6A27D9B0B35B852BF97994DEF6537784520DA74A81CECD5CF83B2FF2E757911D79DB691928DFC4BDE7EA3FF808D88A600B5D882663D70121A65
                                                                            Malicious:false
                                                                            Preview:Dec 28 09:06:50 galassia kernel: [ 413.672661] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL.Dec 28 09:06:50 galassia kernel: [ 413.672732] systemd[1]: rsyslog.service: Failed with result 'signal'..Dec 28 09:06:50 galassia kernel: [ 413.692045] blocking signal 9: 6239 -> 797.Dec 28 09:06:50 galassia kernel: [ 413.737395] systemd[1]: session-c2.scope: Succeeded..Dec 28 09:06:50 galassia kernel: [ 413.820532] blocking signal 9: 6239 -> 936.Dec 28 09:06:50 galassia kernel: [ 413.831910] blocking signal 9: 6239 -> 1320.Dec 28 09:06:50 galassia kernel: [ 413.862357] blocking signal 9: 6239 -> 1334.Dec 28 09:06:50 galassia kernel: [ 413.885694] blocking signal 9: 6239 -> 1335.Dec 28 09:06:50 galassia kernel: [ 413.901642] systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1..Dec 28 09:06:50 galassia kernel: [ 413.901651] systemd[1]: Stopped System Logging Service..Dec 28 09:06:50 galassia kernel: [ 413.902731] systemd[1]: Start

                                                                            /var/log/wtmp

                                                                            Download File
                                                                            Process:/sbin/agetty
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):384
                                                                            Entropy (8bit):0.6775035134351415
                                                                            Encrypted:false
                                                                            SSDEEP:3:5CsXlXEWtl/vl+b2/:d+yl8b2
                                                                            MD5:EF5F44D542A0A588FA32270CEF206170
                                                                            SHA1:4913F782E70E4161A008269E06D13F592F73AB80
                                                                            SHA-256:DEC4C223E7651E2476EA2F9755C98CE489F78551467D1052D25413CBBFD0BAD2
                                                                            SHA-512:069EBEB81AC36D4797ECE6AADFC3869FBBB7322F5D73BE2BF9E61444A765ABEDBAFC5F37873585511064B0B94C87CF44CFD3C5CBC001DDB49F9E846090A69E31
                                                                            Malicious:true
                                                                            Preview:........tty2.tty2.......................tty2LOGIN.....................................................................................................................................................................................................................................................................................................pg........................................

                                                                            Static File Info

                                                                            General

                                                                            File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
                                                                            Entropy (8bit):5.374027966703291
                                                                            TrID:
                                                                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                            File name:x86_64.elf
                                                                            File size:160'968 bytes
                                                                            MD5:255eb9f619666700048a69e9d7e7a80c
                                                                            SHA1:204cc9266eff9757b586d45c340b7bd68ea0fdc3
                                                                            SHA256:4521b5372c64be9aa69f1ab539f7966239e4e194b7f48304f9a1def5bd18d011
                                                                            SHA512:e2c974b350467d684fc13635fa0b8f2e2c74afd001cc4c41ad5a170133a5fbd9b1f3cbe0a27a8dd97ef490c364fb5c030612df4761bae5a34c198dabba1fbdfe
                                                                            SSDEEP:3072:QwCQaIRyveOfuHLLKEhm/NRtecMw5inMbZ12mwAYKcZd4W:QwJaI8vYJhmVawYne1TyYW
                                                                            TLSH:28F34B1AF0C084FEC899C1744B9BF537D972F41D5234B26F67D4AA661F8EE205B6DA00
                                                                            File Content Preview:.ELF..............>.......@.....@.......Hr..........@.8...@.......................@.......@...............................................Q.......Q.............................Q.td....................................................H...._........H........

                                                                            Static ELF Info

                                                                            ELF header

                                                                            Class:ELF64
                                                                            Data:2's complement, little endian
                                                                            Version:1 (current)
                                                                            Machine:Advanced Micro Devices X86-64
                                                                            Version Number:0x1
                                                                            Type:EXEC (Executable file)
                                                                            OS/ABI:UNIX - System V
                                                                            ABI Version:0
                                                                            Entry Point Address:0x400194
                                                                            Flags:0x0
                                                                            ELF Header Size:64
                                                                            Program Header Offset:64
                                                                            Program Header Size:56
                                                                            Number of Program Headers:3
                                                                            Section Header Offset:160328
                                                                            Section Header Size:64
                                                                            Number of Section Headers:10
                                                                            Header String Table Index:9

                                                                            Sections

                                                                            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                            NULL0x00x00x00x00x0000
                                                                            .initPROGBITS0x4000e80xe80x130x00x6AX001
                                                                            .textPROGBITS0x4001000x1000x1b2c60x00x6AX0016
                                                                            .finiPROGBITS0x41b3c60x1b3c60xe0x00x6AX001
                                                                            .rodataPROGBITS0x41b3e00x1b3e00x30a00x00x2A0032
                                                                            .ctorsPROGBITS0x51e4880x1e4880x180x00x3WA008
                                                                            .dtorsPROGBITS0x51e4a00x1e4a00x100x00x3WA008
                                                                            .dataPROGBITS0x51e4c00x1e4c00x8d480x00x3WA0032
                                                                            .bssNOBITS0x5272200x272080x73800x00x3WA0032
                                                                            .shstrtabSTRTAB0x00x272080x3e0x00x0001

                                                                            Program Segments

                                                                            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                            LOAD0x00x4000000x4000000x1e4800x1e4806.36300x5R E0x100000.init .text .fini .rodata
                                                                            LOAD0x1e4880x51e4880x51e4880x8d800x101180.20240x6RW 0x100000.ctors .dtors .data .bss
                                                                            GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                                                                            Network Behavior

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 28, 2024 16:06:50.918818951 CET43928443192.168.2.2391.189.91.42
                                                                            Dec 28, 2024 16:06:53.982062101 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:06:53.982153893 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:06:53.982224941 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:06:56.550038099 CET42836443192.168.2.2391.189.91.43
                                                                            Dec 28, 2024 16:06:58.085833073 CET4251680192.168.2.23109.202.202.202
                                                                            Dec 28, 2024 16:06:58.248426914 CET5263035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:58.368067980 CET353425263083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:06:58.368120909 CET5263035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:58.368171930 CET5263035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:58.488059998 CET353425263083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:06:58.488106012 CET5263035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:58.607736111 CET353425263083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:06:58.742027044 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:06:58.742058992 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:06:59.201484919 CET577702222192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:59.321218014 CET22225777083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:06:59.321279049 CET577702222192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:59.322609901 CET577702222192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:59.322609901 CET577702222192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:06:59.442295074 CET22225777083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:06:59.484622955 CET22225777083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:00.211071014 CET353425263083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:00.211148977 CET5263035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:00.211306095 CET353425263083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:00.211370945 CET5263035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:00.219105005 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.219178915 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.219405890 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.219429016 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.219633102 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.219674110 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.219741106 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.219784021 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.219799042 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.219839096 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.220151901 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.267328024 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.331824064 CET353425263083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:00.781733036 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.781795979 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.781894922 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.781894922 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.781894922 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.781950951 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.781976938 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.781980991 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.781991005 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782007933 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782007933 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782023907 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782053947 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782103062 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782103062 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782119989 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782140970 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782186985 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782186985 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782186985 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782186985 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782186985 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782210112 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782229900 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782237053 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782239914 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782253027 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782299042 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782299995 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782299995 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782299995 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782321930 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782327890 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782330036 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782344103 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782397032 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782397032 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782413960 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782444954 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782470942 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782483101 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782514095 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782514095 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782531023 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782558918 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782563925 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782563925 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782578945 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782597065 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782620907 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782620907 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:00.782639980 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:00.782665968 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:01.502166986 CET5263435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:01.561014891 CET22225777083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:01.561074972 CET577702222192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:01.621747971 CET353425263483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:01.621814966 CET5263435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:01.621834040 CET5263435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:01.741473913 CET353425263483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:01.741530895 CET5263435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:01.776319027 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:01.776386976 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:01.776436090 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:01.776453972 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:01.776612043 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:01.776650906 CET44353070162.213.35.25192.168.2.23
                                                                            Dec 28, 2024 16:07:01.777388096 CET53070443192.168.2.23162.213.35.25
                                                                            Dec 28, 2024 16:07:01.861038923 CET353425263483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:02.970043898 CET353425263483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:02.970150948 CET5263435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:03.089716911 CET353425263483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:03.971527100 CET5263635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:04.091234922 CET353425263683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:04.091623068 CET5263635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:04.091623068 CET5263635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:04.211430073 CET353425263683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:04.211579084 CET5263635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:04.331240892 CET353425263683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:05.437756062 CET353425263683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:05.437982082 CET5263635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:05.557698965 CET353425263683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:11.140130997 CET43928443192.168.2.2391.189.91.42
                                                                            Dec 28, 2024 16:07:23.426327944 CET42836443192.168.2.2391.189.91.43
                                                                            Dec 28, 2024 16:07:27.521826982 CET4251680192.168.2.23109.202.202.202
                                                                            Dec 28, 2024 16:07:31.469269991 CET5263835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:31.588929892 CET353425263883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:31.589159966 CET5263835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:31.589159966 CET5263835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:31.708834887 CET353425263883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:31.708931923 CET5263835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:31.828490973 CET353425263883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:32.890167952 CET353425263883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:32.890408039 CET5263835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:33.009989977 CET353425263883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:52.094311953 CET43928443192.168.2.2391.189.91.42
                                                                            Dec 28, 2024 16:07:58.919025898 CET5264035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:59.038698912 CET353425264083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:59.038865089 CET5264035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:59.038902044 CET5264035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:59.158535957 CET353425264083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:07:59.158601046 CET5264035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:07:59.278211117 CET353425264083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:00.385755062 CET353425264083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:00.385881901 CET5264035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:00.505351067 CET353425264083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:26.415291071 CET5264235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:26.534955978 CET353425264283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:26.535084963 CET5264235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:26.535121918 CET5264235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:26.654825926 CET353425264283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:26.654906034 CET5264235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:26.774535894 CET353425264283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:27.881525040 CET353425264283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:27.881726980 CET5264235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:28.001521111 CET353425264283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:29.122544050 CET5264435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:29.242065907 CET353425264483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:29.242316008 CET5264435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:29.242338896 CET5264435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:29.361974001 CET353425264483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:29.362035990 CET5264435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:29.481486082 CET353425264483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:30.655411959 CET353425264483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:30.655510902 CET5264435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:30.774986982 CET353425264483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:56.683247089 CET5264635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:56.803036928 CET353425264683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:56.803185940 CET5264635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:56.803246021 CET5264635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:56.922909021 CET353425264683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:56.923038006 CET5264635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:57.042825937 CET353425264683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:58.337460995 CET353425264683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:58.338155985 CET5264635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:58.458677053 CET353425264683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:59.340236902 CET5264835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:59.460021019 CET353425264883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:59.460289001 CET5264835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:59.460382938 CET5264835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:59.580048084 CET353425264883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:08:59.580200911 CET5264835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:08:59.700380087 CET353425264883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:00.810189962 CET353425264883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:00.810337067 CET5264835342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:00.930111885 CET353425264883.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:02.046361923 CET5265035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:02.165986061 CET353425265083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:02.166416883 CET5265035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:02.166416883 CET5265035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:02.285953999 CET353425265083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:02.286294937 CET5265035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:02.406296015 CET353425265083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:03.765408993 CET353425265083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:03.765815020 CET5265035342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:03.885447979 CET353425265083.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:04.767915964 CET5265235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:04.887614965 CET353425265283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:04.887707949 CET5265235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:04.887876987 CET5265235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:05.007549047 CET353425265283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:05.007729053 CET5265235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:05.127326012 CET353425265283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:06.280700922 CET353425265283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:06.280951977 CET5265235342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:06.400476933 CET353425265283.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:07.528049946 CET5265435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:07.647624016 CET353425265483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:07.647718906 CET5265435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:07.647737026 CET5265435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:07.767330885 CET353425265483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:07.767467976 CET5265435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:07.887069941 CET353425265483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:08.948160887 CET353425265483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:08.948455095 CET5265435342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:09.068016052 CET353425265483.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:09.949598074 CET5265635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:10.531198978 CET353425265683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:10.531267881 CET5265635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:10.531300068 CET5265635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:10.650916100 CET353425265683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:10.650969982 CET5265635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:10.770581007 CET353425265683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:11.831772089 CET353425265683.222.191.146192.168.2.23
                                                                            Dec 28, 2024 16:09:11.832103014 CET5265635342192.168.2.2383.222.191.146
                                                                            Dec 28, 2024 16:09:11.951663017 CET353425265683.222.191.146192.168.2.23

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 28, 2024 16:06:53.063574076 CET3375953192.168.2.231.1.1.1
                                                                            Dec 28, 2024 16:06:53.063617945 CET3675853192.168.2.231.1.1.1
                                                                            Dec 28, 2024 16:06:53.202420950 CET53337591.1.1.1192.168.2.23
                                                                            Dec 28, 2024 16:06:53.289320946 CET53367581.1.1.1192.168.2.23
                                                                            Dec 28, 2024 16:06:53.826745033 CET5129453192.168.2.231.1.1.1
                                                                            Dec 28, 2024 16:06:53.964617968 CET53512941.1.1.1192.168.2.23
                                                                            Dec 28, 2024 16:06:58.015988111 CET5871253192.168.2.23195.10.195.195
                                                                            Dec 28, 2024 16:06:58.246014118 CET5358712195.10.195.195192.168.2.23
                                                                            Dec 28, 2024 16:07:01.215787888 CET4998253192.168.2.2381.169.136.222
                                                                            Dec 28, 2024 16:07:01.501247883 CET534998281.169.136.222192.168.2.23
                                                                            Dec 28, 2024 16:07:06.439367056 CET5799053192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:11.444389105 CET5134753192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:16.454010010 CET4932453192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:21.459165096 CET4216753192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:26.464343071 CET4095653192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:33.891901016 CET5107253192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:38.897111893 CET3826953192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:43.902436972 CET4315753192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:48.908014059 CET3783553192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:07:53.913930893 CET4811153192.168.2.2351.254.162.59
                                                                            Dec 28, 2024 16:08:01.388046980 CET4808453192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:06.393558979 CET4484153192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:11.399293900 CET3464253192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:16.404845953 CET3700653192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:21.410643101 CET5645753192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:28.883063078 CET5265553192.168.2.2381.169.136.222
                                                                            Dec 28, 2024 16:08:29.121984005 CET535265581.169.136.222192.168.2.23
                                                                            Dec 28, 2024 16:08:31.656819105 CET4379553192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:36.661952972 CET5326153192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:41.667002916 CET3984753192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:46.672086954 CET4110553192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:08:51.678241968 CET3921353192.168.2.2391.217.137.37
                                                                            Dec 28, 2024 16:09:01.813066006 CET5566853192.168.2.23195.10.195.195
                                                                            Dec 28, 2024 16:09:02.045423985 CET5355668195.10.195.195192.168.2.23
                                                                            Dec 28, 2024 16:09:07.282537937 CET5562053192.168.2.23194.36.144.87
                                                                            Dec 28, 2024 16:09:07.527457952 CET5355620194.36.144.87192.168.2.23
                                                                            Dec 28, 2024 16:09:12.833776951 CET4165053192.168.2.23134.195.4.2
                                                                            Dec 28, 2024 16:09:17.839235067 CET4430753192.168.2.23134.195.4.2

                                                                            ICMP Packets

                                                                            TimestampSource IPDest IPChecksumCodeType
                                                                            Dec 28, 2024 16:06:59.086368084 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
                                                                            Dec 28, 2024 16:08:19.096939087 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Dec 28, 2024 16:06:53.063574076 CET192.168.2.231.1.1.10xeda3Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:06:53.063617945 CET192.168.2.231.1.1.10x590bStandard query (0)daisy.ubuntu.com28IN (0x0001)false
                                                                            Dec 28, 2024 16:06:53.826745033 CET192.168.2.231.1.1.10x4b92Standard query (0)daisy.ubuntu.com28IN (0x0001)false
                                                                            Dec 28, 2024 16:06:58.015988111 CET192.168.2.23195.10.195.1950x9829Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:01.215787888 CET192.168.2.2381.169.136.2220x143dStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:06.439367056 CET192.168.2.2351.254.162.590x84f4Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:11.444389105 CET192.168.2.2351.254.162.590x84f4Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:16.454010010 CET192.168.2.2351.254.162.590x84f4Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:21.459165096 CET192.168.2.2351.254.162.590x84f4Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:26.464343071 CET192.168.2.2351.254.162.590x84f4Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:33.891901016 CET192.168.2.2351.254.162.590xcaf3Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:38.897111893 CET192.168.2.2351.254.162.590xcaf3Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:43.902436972 CET192.168.2.2351.254.162.590xcaf3Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:48.908014059 CET192.168.2.2351.254.162.590xcaf3Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:53.913930893 CET192.168.2.2351.254.162.590xcaf3Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:01.388046980 CET192.168.2.2391.217.137.370x6c02Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:06.393558979 CET192.168.2.2391.217.137.370x6c02Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:11.399293900 CET192.168.2.2391.217.137.370x6c02Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:16.404845953 CET192.168.2.2391.217.137.370x6c02Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:21.410643101 CET192.168.2.2391.217.137.370x6c02Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:28.883063078 CET192.168.2.2381.169.136.2220x85dStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:31.656819105 CET192.168.2.2391.217.137.370xf1eStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:36.661952972 CET192.168.2.2391.217.137.370xf1eStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:41.667002916 CET192.168.2.2391.217.137.370xf1eStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:46.672086954 CET192.168.2.2391.217.137.370xf1eStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:51.678241968 CET192.168.2.2391.217.137.370xf1eStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:09:01.813066006 CET192.168.2.23195.10.195.1950xd062Standard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:09:07.282537937 CET192.168.2.23194.36.144.870x318dStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:09:12.833776951 CET192.168.2.23134.195.4.20x6d5dStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:09:17.839235067 CET192.168.2.23134.195.4.20x6d5dStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Dec 28, 2024 16:06:53.202420950 CET1.1.1.1192.168.2.230xeda3No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:06:53.202420950 CET1.1.1.1192.168.2.230xeda3No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:06:58.246014118 CET195.10.195.195192.168.2.230x9829No error (0)SECURE-NETWORK-REBIRTHLTD.RU83.222.191.146A (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:07:01.501247883 CET81.169.136.222192.168.2.230x143dNo error (0)SECURE-NETWORK-REBIRTHLTD.RU83.222.191.146A (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:08:29.121984005 CET81.169.136.222192.168.2.230x85dNo error (0)SECURE-NETWORK-REBIRTHLTD.RU83.222.191.146A (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:09:02.045423985 CET195.10.195.195192.168.2.230xd062No error (0)SECURE-NETWORK-REBIRTHLTD.RU83.222.191.146A (IP address)IN (0x0001)false
                                                                            Dec 28, 2024 16:09:07.527457952 CET194.36.144.87192.168.2.230x318dNo error (0)secure-network-rebirthltd.ru83.222.191.146A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • daisy.ubuntu.com

                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                            0192.168.2.2353070162.213.35.25443
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-28 15:07:00 UTC307OUTPOST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
                                                                            Host: daisy.ubuntu.com
                                                                            Accept: */*
                                                                            Content-Type: application/octet-stream
                                                                            X-Whoopsie-Version: 0.2.69ubuntu0.3
                                                                            Content-Length: 164887
                                                                            Expect: 100-continue
                                                                            2024-12-28 15:07:00 UTC25INHTTP/1.1 100 Continue
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 17 84 02 00 02 50 72 6f 63 45 6e 76 69 72 6f 6e 00 4e 00 00 00 50 41 54 48 3d 28 63 75 73 74 6f 6d 2c 20 6e 6f 20 75 73 65 72 29 0a 58 44 47 5f 52 55 4e 54 49 4d 45 5f 44 49 52 3d 3c 73 65 74 3e 0a 4c 41 4e 47 3d 65 6e 5f 55 53 2e 55 54 46 2d 38 0a 53 48 45 4c 4c 3d 2f 62 69 6e 2f 62 61 73 68 00 02 5f 4c 6f 67 69 6e 64 53 65 73 73 69 6f 6e 00 02 00 00 00 35 00 02 44 61 74 65 00 19 00 00 00 54 75 65 20 41 75 67 20 31 37 20 32 30 3a 31 38 3a 30 34 20 32 30 32 31 00 02 53 6f 75 72 63 65 50 61 63 6b 61 67 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 50 61 63 6b 61 67 65 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 44 69 73 74 72 6f 52 65 6c 65 61
                                                                            Data Ascii: ProcEnvironNPATH=(custom, no user)XDG_RUNTIME_DIR=<set>LANG=en_US.UTF-8SHELL=/bin/bash_LogindSession5DateTue Aug 17 20:18:04 2021SourcePackagelight-lockerPackageArchitectureamd64Architectureamd64DistroRelea
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 72 75 6e 74 69 6d 65 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 73 79 73 74 65 6d 64 20 32 34 35 2e 34 2d 34 75 62 75 6e 74 75 33 2e 31 31 0a 6c 69 62 70 61 6d 30 67 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6e 67 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 63 61 69 72 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 66 74 32 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 78 66 74 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 70 65 72 2d 75 74 69 6c 73 20 31 2e 31 2e 32 38 0a 6c
                                                                            Data Ascii: tu4.1libpam-runtime 1.3.1-5ubuntu4.1libpam-systemd 245.4-4ubuntu3.11libpam0g 1.3.1-5ubuntu4.1libpango-1.0-0 1.44.7-2ubuntu4libpangocairo-1.0-0 1.44.7-2ubuntu4libpangoft2-1.0-0 1.44.7-2ubuntu4libpangoxft-1.0-0 1.44.7-2ubuntu4libpaper-utils 1.1.28l
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 67 73 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 30 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 31 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 32 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 33 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 34 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 35 20
                                                                            Data Ascii: 0x0 0gs 0x0 0k0 0x0 0k1 0x0 0k2 0x0 0k3 0x0 0k4 0x0 0k5
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 34 30 30 30 2d 37 66 37 39 31 63 30 37 35 30 30 30 20 2d 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 35 30 30 30 2d 37 66 37 39 31 63 30 37 36 30 30 30 20 72 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75
                                                                            Data Ascii: /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c074000-7f791c075000 ---p 0000c000 fd:00 806260 /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c075000-7f791c076000 r--p 0000c000 fd:00 806260 /u
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 33 30 30 30 2d 37 66 37 39 31 63 37 37 34 30 30 30 20 72 77 2d 70 20 30 30 30 32 36 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 34 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 34 30 30 30 2d 37 66 37 39 31 63 37 37 38 30 30 30 20 72 2d 2d 70 20 30 30 30 30 30 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 38 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34
                                                                            Data Ascii: nux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c773000-7f791c774000 rw-p 00026000 fd:00 806245 /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c774000-7f791c778000 r--p 00000000 fd:00 806268 /usr/lib/x86_64
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 37 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 38 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 73 64 20 33 32 3a 30 3a 30 3a 30 3a 20 5b 73 64 61 5d 20 41 73 73 75 6d 69 6e 67 20 64 72 69 76 65 20 63 61 63 68 65 3a 20 77 72 69 74 65 20 74 68 72 6f 75 67 68 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 37 20 67
                                                                            Data Ascii: platform eisa.0: Cannot allocate resource for EISA slot 7Aug 17 20:24:46 galassia kernel: platform eisa.0: Cannot allocate resource for EISA slot 8Aug 17 20:24:46 galassia kernel: sd 32:0:0:0: [sda] Assuming drive cache: write throughAug 17 20:24:47 g
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 4d 6f 64 75 6c 65 3a 20 22 66 62 64 65 76 68 77 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 69 6e 67 20 2f 75 73 72 2f 6c 69 62 2f 78 6f 72 67 2f 6d 6f 64 75 6c 65 73 2f 6c 69 62 66 62 64 65 76 68 77 2e 73 6f 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4d 6f 64 75 6c 65 20 66 62 64 65 76 68 77 3a 20 76 65 6e 64 6f 72 3d 22 58 2e 4f 72 67 20 46 6f 75 6e 64 61 74 69 6f 6e 22 0a 41 75 67 20 31 37
                                                                            Data Ascii: 551]: (II) LoadModule: "fbdevhw"Aug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Loading /usr/lib/xorg/modules/libfbdevhw.soAug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Module fbdevhw: vendor="X.Org Foundation"Aug 17
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 39 32 30 78 31 32 30 30 22 20 28 69 6e 73 75 66 66 69 63 69 65 6e 74 20 6d 65 6d 6f 72 79 20 66 6f 72 20 6d 6f 64 65 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 39 36 30 78 36 30 30 22 20 28 62 61 64 20 6d 6f 64 65 20 63 6c 6f 63 6b 2f 69 6e 74 65 72 6c 61 63 65 2f 64 6f 75 62 6c 65 73
                                                                            Data Ascii: /lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doubles
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 20 31 33 33 36 20 31 35 32 30 20 20 38 36 34 20 38 36 35 20 38 36 38 20 38 39 35 20 2d 68 73 79 6e 63 20 2b 76 73 79 6e 63 20 28 35 33 2e 37 20 6b 48 7a 20 64 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 76 6d 77 61 72 65 28 30 29 3a 20 20 44 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 30 32 34 78 37 36 38 22 3a 20 39 34 2e 35 20 4d 48 7a 2c 20 36 38 2e 37 20 6b 48 7a 2c 20 38 35 2e 30 20 48 7a 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72
                                                                            Data Ascii: 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 HzAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmwar
                                                                            2024-12-28 15:07:00 UTC16384OUTData Raw: 65 64 20 53 65 74 20 32 20 6b 65 79 62 6f 61 72 64 3a 20 61 6c 77 61 79 73 20 72 65 70 6f 72 74 73 20 63 6f 72 65 20 65 76 65 6e 74 73 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 44 65 76 69 63 65 22 20 22 2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 31 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 5f 73 6f 75 72 63 65 22 20 22 73 65 72 76 65 72 2f 75 64 65 76 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35
                                                                            Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "_source" "server/udev"Aug 17 20:25
                                                                            2024-12-28 15:07:01 UTC279INHTTP/1.1 400 Bad Request
                                                                            Date: Sat, 28 Dec 2024 15:07:01 GMT
                                                                            Server: gunicorn/19.7.1
                                                                            X-Daisy-Revision-Number: 979
                                                                            X-Oops-Repository-Version: 0.0.0
                                                                            Strict-Transport-Security: max-age=2592000
                                                                            Connection: close
                                                                            Transfer-Encoding: chunked
                                                                            17
                                                                            Crash already reported.
                                                                            0


                                                                            System Behavior

                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/rm
                                                                            Arguments:rm -f /tmp/tmp.sR00XSrcUF /tmp/tmp.2TBPewtrKJ /tmp/tmp.TPf1wIeDb3
                                                                            File size:72056 bytes
                                                                            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/cat
                                                                            Arguments:cat /tmp/tmp.sR00XSrcUF
                                                                            File size:43416 bytes
                                                                            MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/head
                                                                            Arguments:head -n 10
                                                                            File size:47480 bytes
                                                                            MD5 hash:fd96a67145172477dd57131396fc9608

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/tr
                                                                            Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                                                            File size:51544 bytes
                                                                            MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/cut
                                                                            Arguments:cut -c -80
                                                                            File size:47480 bytes
                                                                            MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/cat
                                                                            Arguments:cat /tmp/tmp.sR00XSrcUF
                                                                            File size:43416 bytes
                                                                            MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/head
                                                                            Arguments:head -n 10
                                                                            File size:47480 bytes
                                                                            MD5 hash:fd96a67145172477dd57131396fc9608

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/tr
                                                                            Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                                                            File size:51544 bytes
                                                                            MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/cut
                                                                            Arguments:cut -c -80
                                                                            File size:47480 bytes
                                                                            MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dash
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:40
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/rm
                                                                            Arguments:rm -f /tmp/tmp.sR00XSrcUF /tmp/tmp.2TBPewtrKJ /tmp/tmp.TPf1wIeDb3
                                                                            File size:72056 bytes
                                                                            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:/tmp/x86_64.elf
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/iptables
                                                                            Arguments:iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                            File size:99296 bytes
                                                                            MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/busybox
                                                                            Arguments:/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                            File size:2172376 bytes
                                                                            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/tmp/x86_64.elf
                                                                            Arguments:-
                                                                            File size:160968 bytes
                                                                            MD5 hash:255eb9f619666700048a69e9d7e7a80c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/busybox
                                                                            Arguments:busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                            File size:2172376 bytes
                                                                            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/journalctl
                                                                            Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                                            File size:80120 bytes
                                                                            MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-daemon
                                                                            Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                                                                            File size:249032 bytes
                                                                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:48
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/etc/gdm3/PrimeOff/Default
                                                                            Arguments:/etc/gdm3/PrimeOff/Default
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/etc/gdm3/PrimeOff/Default
                                                                            Arguments:/etc/gdm3/PrimeOff/Default
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/rsyslogd
                                                                            Arguments:/usr/sbin/rsyslogd -n -iNONE
                                                                            File size:727248 bytes
                                                                            MD5 hash:0b8087fc907c42eb3c81a691db258e33

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/pulseaudio
                                                                            Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                                            File size:100832 bytes
                                                                            MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/etc/gdm3/PrimeOff/Default
                                                                            Arguments:/etc/gdm3/PrimeOff/Default
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/lib/systemd/systemd-journald
                                                                            Arguments:/lib/systemd/systemd-journald
                                                                            File size:162032 bytes
                                                                            MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/libexec/gvfsd-fuse
                                                                            Arguments:-
                                                                            File size:47632 bytes
                                                                            MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:49
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/fusermount
                                                                            Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                                            File size:39144 bytes
                                                                            MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:51
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:51
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/libexec/rtkit-daemon
                                                                            Arguments:/usr/libexec/rtkit-daemon
                                                                            File size:68096 bytes
                                                                            MD5 hash:df0cacf1db4ec95ac70f5b6e06b8ffd7

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:51
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:51
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/lib/systemd/systemd-logind
                                                                            Arguments:/lib/systemd/systemd-logind
                                                                            File size:268576 bytes
                                                                            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:51
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:51
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/policykit-1/polkitd
                                                                            Arguments:/usr/lib/policykit-1/polkitd --no-debug
                                                                            File size:121504 bytes
                                                                            MD5 hash:8efc9b4b5b524210ad2ea1954a9d0e69

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:52
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:52
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:52
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:52
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:52
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:52
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:53
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:54
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:55
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:56
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/gpu-manager
                                                                            Arguments:-
                                                                            File size:76616 bytes
                                                                            MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:56
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:56
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:56
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:57
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/sbin/agetty
                                                                            Arguments:/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
                                                                            File size:69000 bytes
                                                                            MD5 hash:3a374724ba7e863768139bdd60ca36f7

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/share/gdm/generate-config
                                                                            Arguments:/usr/share/gdm/generate-config
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/share/gdm/generate-config
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/pkill
                                                                            Arguments:pkill --signal HUP --uid gdm dconf-service
                                                                            File size:30968 bytes
                                                                            MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:06:58
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/journalctl
                                                                            Arguments:/usr/bin/journalctl --flush
                                                                            File size:80120 bytes
                                                                            MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:01
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:01
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/gdm3/gdm-wait-for-drm
                                                                            Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                                                            File size:14640 bytes
                                                                            MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:/usr/sbin/gdm3
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/plymouth
                                                                            Arguments:plymouth --ping
                                                                            File size:51352 bytes
                                                                            MD5 hash:87003efd8dad470042f5e75360a8f49f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:13
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:13
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/gdm3/gdm-session-worker
                                                                            Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                                                                            File size:293360 bytes
                                                                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:14
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/gdm3/gdm-session-worker
                                                                            Arguments:-
                                                                            File size:293360 bytes
                                                                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:14
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/gdm3/gdm-wayland-session
                                                                            Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                                                                            File size:76368 bytes
                                                                            MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/gdm3/gdm-wayland-session
                                                                            Arguments:-
                                                                            File size:76368 bytes
                                                                            MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-daemon
                                                                            Arguments:dbus-daemon --print-address 3 --session
                                                                            File size:249032 bytes
                                                                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-daemon
                                                                            Arguments:-
                                                                            File size:249032 bytes
                                                                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-daemon
                                                                            Arguments:-
                                                                            File size:249032 bytes
                                                                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/false
                                                                            Arguments:/bin/false
                                                                            File size:39256 bytes
                                                                            MD5 hash:3177546c74e4f0062909eae43d948bfc

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/gdm3/gdm-wayland-session
                                                                            Arguments:-
                                                                            File size:76368 bytes
                                                                            MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-run-session
                                                                            Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                                                                            File size:14480 bytes
                                                                            MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-run-session
                                                                            Arguments:-
                                                                            File size:14480 bytes
                                                                            MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:15
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-daemon
                                                                            Arguments:dbus-daemon --nofork --print-address 4 --session
                                                                            File size:249032 bytes
                                                                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:16
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:16
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/etc/gdm3/PrimeOff/Default
                                                                            Arguments:/etc/gdm3/PrimeOff/Default
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:16
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/sbin/gdm3
                                                                            Arguments:-
                                                                            File size:453296 bytes
                                                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:16
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/etc/gdm3/PrimeOff/Default
                                                                            Arguments:/etc/gdm3/PrimeOff/Default
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/accountsservice/accounts-daemon
                                                                            Arguments:/usr/lib/accountsservice/accounts-daemon
                                                                            File size:203192 bytes
                                                                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/accountsservice/accounts-daemon
                                                                            Arguments:-
                                                                            File size:203192 bytes
                                                                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/share/language-tools/language-validate
                                                                            Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/share/language-tools/language-validate
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/share/language-tools/language-options
                                                                            Arguments:/usr/share/language-tools/language-options
                                                                            File size:3478464 bytes
                                                                            MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/share/language-tools/language-options
                                                                            Arguments:-
                                                                            File size:3478464 bytes
                                                                            MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:sh -c "locale -a | grep -F .utf8 "
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/locale
                                                                            Arguments:locale -a
                                                                            File size:58944 bytes
                                                                            MD5 hash:c72a78792469db86d91369c9057f20d2

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/bin/sh
                                                                            Arguments:-
                                                                            File size:129816 bytes
                                                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:07:12
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/grep
                                                                            Arguments:grep -F .utf8
                                                                            File size:199136 bytes
                                                                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:08:19
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:08:19
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/dbus-daemon
                                                                            Arguments:/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                                                                            File size:249032 bytes
                                                                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:08:20
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/lib/systemd/systemd
                                                                            Arguments:-
                                                                            File size:1620224 bytes
                                                                            MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                            Chronological Activities


                                                                            General

                                                                            Start time (UTC):15:08:20
                                                                            Start date (UTC):28/12/2024
                                                                            Path:/usr/bin/pulseaudio
                                                                            Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                                            File size:100832 bytes
                                                                            MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                                            Chronological Activities