Edit tour

Linux Analysis Report
x86_64.elf

Overview

General Information

Sample name:	x86_64.elf
Analysis ID:	1581736
MD5:	448c261b5d2176ecc6b7c4d166863bec
SHA1:	891bb62164fdde84ad256382a627c8fad68b6180
SHA256:	f24f844f1269c757d1f42a3b4ea03675281d7da4a186b851f3c0d149a2488dd5
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt

Score:	96
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample tries to kill a massive number of system processes

Yara detected Gafgyt

Connects to many ports of the same IP (likely port scanning)

Executes the "iptables" command to insert, remove and/or manipulate rules

Machine Learning detection for sample

Reads system files that contain records of logged in users

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "iptables" command used for managing IP filtering and manipulation

Reads CPU information from /sys indicative of miner or evasive malware

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581736
Start date and time:	2024-12-28 21:16:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	x86_64.elf
Detection:	MAL
Classification:	mal96.spre.troj.linELF@0/55@11/0

Warnings

Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:	/tmp/x86_64.elf
PID:	5490
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	listening dn0
Standard Error:

Process Tree

system is lnxubuntu20

x86_64.elf (PID: 5490, Parent: 5415, MD5: 448c261b5d2176ecc6b7c4d166863bec) Arguments: /tmp/x86_64.elf

x86_64.elf New Fork (PID: 5491, Parent: 5490)

x86_64.elf New Fork (PID: 5492, Parent: 5491)

x86_64.elf New Fork (PID: 5493, Parent: 5492)

x86_64.elf New Fork (PID: 5494, Parent: 5492)

x86_64.elf New Fork (PID: 5754, Parent: 5491)

x86_64.elf New Fork (PID: 5755, Parent: 5754)

sh (PID: 5755, Parent: 5754, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

sh New Fork (PID: 5757, Parent: 5755)

iptables (PID: 5757, Parent: 5755, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

x86_64.elf New Fork (PID: 5768, Parent: 5754)

sh (PID: 5768, Parent: 5754, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

sh New Fork (PID: 5769, Parent: 5768)

busybox (PID: 5769, Parent: 5768, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

x86_64.elf New Fork (PID: 5770, Parent: 5754)

sh (PID: 5770, Parent: 5754, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

sh New Fork (PID: 5771, Parent: 5770)

x86_64.elf New Fork (PID: 5772, Parent: 5754)

sh (PID: 5772, Parent: 5754, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

sh New Fork (PID: 5774, Parent: 5772)

x86_64.elf New Fork (PID: 5775, Parent: 5754)

sh (PID: 5775, Parent: 5754, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

sh New Fork (PID: 5776, Parent: 5775)

busybox (PID: 5776, Parent: 5775, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

x86_64.elf New Fork (PID: 5756, Parent: 5491)

gnome-session-binary New Fork (PID: 5517, Parent: 1383)

sh (PID: 5517, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gsd-sharing (PID: 5517, Parent: 1383, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing

gnome-session-binary New Fork (PID: 5519, Parent: 1383)

sh (PID: 5519, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom

gsd-wacom (PID: 5519, Parent: 1383, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom

gnome-session-binary New Fork (PID: 5523, Parent: 1383)

sh (PID: 5523, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard

gsd-keyboard (PID: 5523, Parent: 1383, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard

gvfsd-fuse New Fork (PID: 5524, Parent: 3147)

fusermount (PID: 5524, Parent: 3147, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

gnome-session-binary New Fork (PID: 5526, Parent: 1383)

sh (PID: 5526, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gsd-print-notifications (PID: 5526, Parent: 1383, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications

gsd-print-notifications New Fork (PID: 5700, Parent: 5526)

gsd-print-notifications New Fork (PID: 5701, Parent: 5700)

gsd-printer (PID: 5701, Parent: 1, MD5: 7995828cf98c315fd55f2ffb3b22384d) Arguments: /usr/libexec/gsd-printer

gnome-session-binary New Fork (PID: 5527, Parent: 1383)

sh (PID: 5527, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

gsd-rfkill (PID: 5527, Parent: 1383, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill

gnome-session-binary New Fork (PID: 5530, Parent: 1383)

sh (PID: 5530, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard

gsd-smartcard (PID: 5530, Parent: 1383, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard

gnome-session-binary New Fork (PID: 5537, Parent: 1383)

sh (PID: 5537, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color

gsd-color (PID: 5537, Parent: 1383, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color

gnome-session-binary New Fork (PID: 5538, Parent: 1383)

sh (PID: 5538, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime

gsd-datetime (PID: 5538, Parent: 1383, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime

gnome-session-binary New Fork (PID: 5539, Parent: 1383)

sh (PID: 5539, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys

gsd-media-keys (PID: 5539, Parent: 1383, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys

gnome-session-binary New Fork (PID: 5540, Parent: 1383)

sh (PID: 5540, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy

gsd-screensaver-proxy (PID: 5540, Parent: 1383, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy

gnome-session-binary New Fork (PID: 5541, Parent: 1383)

sh (PID: 5541, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings

gsd-a11y-settings (PID: 5541, Parent: 1383, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings

gnome-session-binary New Fork (PID: 5542, Parent: 1383)

sh (PID: 5542, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power

gsd-power (PID: 5542, Parent: 1383, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power

gnome-session-binary New Fork (PID: 5543, Parent: 1383)

sh (PID: 5543, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping

gsd-housekeeping (PID: 5543, Parent: 1383, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping

gnome-session-binary New Fork (PID: 5544, Parent: 1383)

sh (PID: 5544, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound

gsd-sound (PID: 5544, Parent: 1383, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound

systemd New Fork (PID: 5567, Parent: 1)

systemd-hostnamed (PID: 5567, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed

dbus-daemon New Fork (PID: 5707, Parent: 5706)

false (PID: 5707, Parent: 5706, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

systemd New Fork (PID: 5733, Parent: 1)

accounts-daemon (PID: 5733, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon

accounts-daemon New Fork (PID: 5758, Parent: 5733)

language-validate (PID: 5758, Parent: 5733, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8

language-validate New Fork (PID: 5759, Parent: 5758)

language-options (PID: 5759, Parent: 5758, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options

language-options New Fork (PID: 5760, Parent: 5759)

sh (PID: 5760, Parent: 5759, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "

sh New Fork (PID: 5762, Parent: 5760)

locale (PID: 5762, Parent: 5760, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a

sh New Fork (PID: 5763, Parent: 5760)

grep (PID: 5763, Parent: 5760, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8

systemd New Fork (PID: 5745, Parent: 1)

colord (PID: 5745, Parent: 1, MD5: 70861d1b2818c9279cd4a5c9035dac1f) Arguments: /usr/libexec/colord

colord New Fork (PID: 5937, Parent: 5745)

colord-sane (PID: 5937, Parent: 5745, MD5: 5f98d754a07bf1385c3ff001cde3882e) Arguments: /usr/libexec/colord-sane

systemd New Fork (PID: 5782, Parent: 1)

systemd-localed (PID: 5782, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed

gdm3 New Fork (PID: 5933, Parent: 1289)

Default (PID: 5933, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5936, Parent: 1289)

Default (PID: 5936, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5938, Parent: 1289)

gdm-session-worker (PID: 5938, Parent: 1289, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"

gdm-session-worker New Fork (PID: 5953, Parent: 5938)

gdm-wayland-session (PID: 5953, Parent: 5938, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

gdm-wayland-session New Fork (PID: 5956, Parent: 5953)

dbus-run-session (PID: 5956, Parent: 5953, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

dbus-run-session New Fork (PID: 5957, Parent: 5956)

dbus-daemon (PID: 5957, Parent: 5956, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session

dbus-daemon New Fork (PID: 5964, Parent: 5957)

dbus-daemon New Fork (PID: 5965, Parent: 5964)

false (PID: 5965, Parent: 5964, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 5967, Parent: 5957)

dbus-daemon New Fork (PID: 5968, Parent: 5967)

false (PID: 5968, Parent: 5967, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 5969, Parent: 5957)

dbus-daemon New Fork (PID: 5970, Parent: 5969)

false (PID: 5970, Parent: 5969, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 5971, Parent: 5957)

dbus-daemon New Fork (PID: 5972, Parent: 5971)

false (PID: 5972, Parent: 5971, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 5973, Parent: 5957)

dbus-daemon New Fork (PID: 5974, Parent: 5973)

false (PID: 5974, Parent: 5973, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 5975, Parent: 5957)

dbus-daemon New Fork (PID: 5976, Parent: 5975)

false (PID: 5976, Parent: 5975, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 5978, Parent: 5957)

dbus-daemon New Fork (PID: 5979, Parent: 5978)

false (PID: 5979, Parent: 5978, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-run-session New Fork (PID: 5959, Parent: 5956)

gnome-session (PID: 5959, Parent: 5956, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary (PID: 5959, Parent: 5956, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary New Fork (PID: 5980, Parent: 5959)

session-migration (PID: 5980, Parent: 5959, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration

gnome-session-binary New Fork (PID: 5981, Parent: 5959)

sh (PID: 5981, Parent: 5959, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 5981, Parent: 5959, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gdm3 New Fork (PID: 5989, Parent: 1289)

gdm-session-worker (PID: 5989, Parent: 1289, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"

gdm-session-worker New Fork (PID: 6014, Parent: 5989)

gdm-x-session (PID: 6014, Parent: 5989, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

gdm-x-session New Fork (PID: 6016, Parent: 6014)

Xorg (PID: 6016, Parent: 6014, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

Xorg.wrap (PID: 6016, Parent: 6014, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

Xorg (PID: 6016, Parent: 6014, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

Xorg New Fork (PID: 6026, Parent: 6016)

sh (PID: 6026, Parent: 6016, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""

sh New Fork (PID: 6027, Parent: 6026)

xkbcomp (PID: 6027, Parent: 6026, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

Xorg New Fork (PID: 6289, Parent: 6016)

sh (PID: 6289, Parent: 6016, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""

sh New Fork (PID: 6292, Parent: 6289)

xkbcomp (PID: 6292, Parent: 6289, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

gdm-x-session New Fork (PID: 6055, Parent: 6014)

Default (PID: 6055, Parent: 6014, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default

gdm-x-session New Fork (PID: 6056, Parent: 6014)

dbus-run-session (PID: 6056, Parent: 6014, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

dbus-run-session New Fork (PID: 6057, Parent: 6056)

dbus-daemon (PID: 6057, Parent: 6056, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session

dbus-daemon New Fork (PID: 6072, Parent: 6057)

dbus-daemon New Fork (PID: 6073, Parent: 6072)

at-spi-bus-launcher (PID: 6073, Parent: 6072, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher

at-spi-bus-launcher New Fork (PID: 6078, Parent: 6073)

dbus-daemon (PID: 6078, Parent: 6073, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3

dbus-daemon New Fork (PID: 6407, Parent: 6078)

dbus-daemon New Fork (PID: 6408, Parent: 6407)

at-spi2-registryd (PID: 6408, Parent: 6407, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session

dbus-daemon New Fork (PID: 6099, Parent: 6057)

dbus-daemon New Fork (PID: 6100, Parent: 6099)

false (PID: 6100, Parent: 6099, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6102, Parent: 6057)

dbus-daemon New Fork (PID: 6103, Parent: 6102)

false (PID: 6103, Parent: 6102, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6104, Parent: 6057)

dbus-daemon New Fork (PID: 6105, Parent: 6104)

false (PID: 6105, Parent: 6104, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6106, Parent: 6057)

dbus-daemon New Fork (PID: 6107, Parent: 6106)

false (PID: 6107, Parent: 6106, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6108, Parent: 6057)

dbus-daemon New Fork (PID: 6109, Parent: 6108)

false (PID: 6109, Parent: 6108, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6110, Parent: 6057)

dbus-daemon New Fork (PID: 6111, Parent: 6110)

false (PID: 6111, Parent: 6110, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6113, Parent: 6057)

dbus-daemon New Fork (PID: 6114, Parent: 6113)

false (PID: 6114, Parent: 6113, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6290, Parent: 6057)

dbus-daemon New Fork (PID: 6291, Parent: 6290)

ibus-portal (PID: 6291, Parent: 6290, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal

dbus-daemon New Fork (PID: 6413, Parent: 6057)

dbus-daemon New Fork (PID: 6414, Parent: 6413)

gjs (PID: 6414, Parent: 6413, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications

dbus-daemon New Fork (PID: 6472, Parent: 6057)

dbus-daemon New Fork (PID: 6473, Parent: 6472)

false (PID: 6473, Parent: 6472, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-run-session New Fork (PID: 6058, Parent: 6056)

gnome-session (PID: 6058, Parent: 6056, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary (PID: 6058, Parent: 6056, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary New Fork (PID: 6059, Parent: 6058)

gnome-session-check-accelerated (PID: 6059, Parent: 6058, MD5: a64839518af85b2b9de31aca27646396) Arguments: /usr/libexec/gnome-session-check-accelerated

gnome-session-check-accelerated New Fork (PID: 6079, Parent: 6059)

gnome-session-check-accelerated-gl-helper (PID: 6079, Parent: 6059, MD5: b1ab9a384f9e98a39ae5c36037dd5e78) Arguments: /usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer

gnome-session-check-accelerated New Fork (PID: 6088, Parent: 6059)

gnome-session-check-accelerated-gles-helper (PID: 6088, Parent: 6059, MD5: 1bd78885765a18e60c05ed1fb5fa3bf8) Arguments: /usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer

gnome-session-binary New Fork (PID: 6115, Parent: 6058)

session-migration (PID: 6115, Parent: 6058, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration

gnome-session-binary New Fork (PID: 6116, Parent: 6058)

sh (PID: 6116, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 6116, Parent: 6058, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gnome-shell New Fork (PID: 6282, Parent: 6116)

ibus-daemon (PID: 6282, Parent: 6116, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim

ibus-daemon New Fork (PID: 6285, Parent: 6282)

ibus-memconf (PID: 6285, Parent: 6282, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf

ibus-daemon New Fork (PID: 6287, Parent: 6282)

ibus-daemon New Fork (PID: 6288, Parent: 6287)

ibus-x11 (PID: 6288, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon

ibus-daemon New Fork (PID: 6451, Parent: 6282)

ibus-engine-simple (PID: 6451, Parent: 6282, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple

gnome-session-binary New Fork (PID: 6431, Parent: 6058)

sh (PID: 6431, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gsd-sharing (PID: 6431, Parent: 6058, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing

gnome-session-binary New Fork (PID: 6433, Parent: 6058)

sh (PID: 6433, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom

gsd-wacom (PID: 6433, Parent: 6058, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom

gnome-session-binary New Fork (PID: 6435, Parent: 6058)

sh (PID: 6435, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color

gsd-color (PID: 6435, Parent: 6058, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color

gnome-session-binary New Fork (PID: 6436, Parent: 6058)

sh (PID: 6436, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard

gsd-keyboard (PID: 6436, Parent: 6058, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard

gnome-session-binary New Fork (PID: 6437, Parent: 6058)

sh (PID: 6437, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gsd-print-notifications (PID: 6437, Parent: 6058, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications

gsd-print-notifications New Fork (PID: 6474, Parent: 6437)

gsd-print-notifications New Fork (PID: 6476, Parent: 6474)

gsd-printer (PID: 6476, Parent: 1, MD5: 7995828cf98c315fd55f2ffb3b22384d) Arguments: /usr/libexec/gsd-printer

gnome-session-binary New Fork (PID: 6438, Parent: 6058)

sh (PID: 6438, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

gsd-rfkill (PID: 6438, Parent: 6058, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill

gnome-session-binary New Fork (PID: 6439, Parent: 6058)

sh (PID: 6439, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard

gsd-smartcard (PID: 6439, Parent: 6058, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard

gnome-session-binary New Fork (PID: 6441, Parent: 6058)

sh (PID: 6441, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime

gsd-datetime (PID: 6441, Parent: 6058, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime

gnome-session-binary New Fork (PID: 6444, Parent: 6058)

sh (PID: 6444, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys

gsd-media-keys (PID: 6444, Parent: 6058, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys

gnome-session-binary New Fork (PID: 6445, Parent: 6058)

sh (PID: 6445, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy

gsd-screensaver-proxy (PID: 6445, Parent: 6058, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy

gnome-session-binary New Fork (PID: 6449, Parent: 6058)

sh (PID: 6449, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound

gsd-sound (PID: 6449, Parent: 6058, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound

gnome-session-binary New Fork (PID: 6453, Parent: 6058)

sh (PID: 6453, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings

gsd-a11y-settings (PID: 6453, Parent: 6058, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings

gnome-session-binary New Fork (PID: 6455, Parent: 6058)

sh (PID: 6455, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping

gsd-housekeeping (PID: 6455, Parent: 6058, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping

gnome-session-binary New Fork (PID: 6458, Parent: 6058)

sh (PID: 6458, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power

gsd-power (PID: 6458, Parent: 6058, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power

gnome-session-binary New Fork (PID: 6806, Parent: 6058)

sh (PID: 6806, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent

spice-vdagent (PID: 6806, Parent: 6058, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent

gnome-session-binary New Fork (PID: 6808, Parent: 6058)

sh (PID: 6808, Parent: 6058, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q

xbrlapi (PID: 6808, Parent: 6058, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q

gdm3 New Fork (PID: 5990, Parent: 1289)

Default (PID: 5990, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6011, Parent: 1289)

Default (PID: 6011, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6138, Parent: 1)

systemd-localed (PID: 6138, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed

systemd New Fork (PID: 6299, Parent: 1299)

pulseaudio (PID: 6299, Parent: 1299, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 6301, Parent: 1)

geoclue (PID: 6301, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue

systemd New Fork (PID: 6411, Parent: 1)

rtkit-daemon (PID: 6411, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon

systemd New Fork (PID: 6477, Parent: 1)

systemd-hostnamed (PID: 6477, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed

systemd New Fork (PID: 6676, Parent: 1)

fprintd (PID: 6676, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
x86_64.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
x86_64.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x110e0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
x86_64.elf	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x11957:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
x86_64.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xe056:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x1389c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
x86_64.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x15796:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
x86_64.elf	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x1aa5a:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
x86_64.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x11517:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
x86_64.elf	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x103a2:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
x86_64.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x117e2:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
x86_64.elf	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x1059b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
x86_64.elf	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0xf82:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Click to see the 6 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5490.1.0000000000400000.000000000041f000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x110e0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x11957:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xe056:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x1389c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x15796:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x1aa5a:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x11517:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x103a2:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x117e2:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x1059b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5490.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0xf82:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
5492.1.0000000000400000.000000000041f000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x110e0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x11957:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xe056:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x1389c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x15796:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x1aa5a:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x11517:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x103a2:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x117e2:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x1059b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5492.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0xf82:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
5493.1.0000000000400000.000000000041f000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x110e0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x11957:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xe056:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x1389c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x15796:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x1aa5a:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x11517:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x103a2:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x117e2:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x1059b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5493.1.0000000000400000.000000000041f000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0xf82:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Click to see the 28 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: x86_64.elf

ReversingLabs: Detection: 24%

Machine Learning detection for sample

Source: x86_64.elf

Joe Sandbox ML: detected

Source: /usr/lib/xorg/Xorg (PID: 6016)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6059)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6079)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6088)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6299)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 83.222.191.146 ports 35342,2,3,4,5,2222

Executes the "iptables" command to insert, remove and/or manipulate rules

Source: /bin/sh (PID: 5757)

Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.14:56048 -> 83.222.191.146:35342

Source: /bin/sh (PID: 5757)

Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

Jump to behavior

Source: /tmp/x86_64.elf (PID: 5490)	Socket: 127.0.0.1:8345	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5754)	Socket: 0.0.0.0:26721	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5957)	Socket: unknown address family	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 5959)	Socket: unknown address family	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6016)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	Socket: unknown address family	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 6058)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/ibus-daemon (PID: 6282)	Socket: unknown address family

Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 101.101.101.101
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 203.50.2.71
Source: unknown	UDP traffic detected without corresponding DNS query: 178.22.122.100
Source: unknown	UDP traffic detected without corresponding DNS query: 212.49.64.1
Source: unknown	UDP traffic detected without corresponding DNS query: 212.49.64.1
Source: unknown	UDP traffic detected without corresponding DNS query: 212.49.64.1
Source: unknown	UDP traffic detected without corresponding DNS query: 212.49.64.1
Source: unknown	UDP traffic detected without corresponding DNS query: 212.49.64.1

Source: global traffic	DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: Xorg.0.log.162.dr	String found in binary or memory: http://wiki.x.org
Source: Xorg.0.log.162.dr	String found in binary or memory: http://www.ubuntu.com/support)

System Summary

Malicious sample detected (through community Yara rule)

Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown

Sample tries to kill a massive number of system processes

Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 2, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 3, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 4, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 5, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 6, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 7, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 8, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 9, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 10, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 11, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 12, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 13, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 14, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 15, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 16, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 17, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 18, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 19, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 20, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 21, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 22, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 23, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 24, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 25, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 26, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 27, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 28, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 29, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 30, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 35, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 77, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 78, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 79, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 80, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 81, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 82, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 83, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 84, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 85, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 86, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 88, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 89, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 91, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 92, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 93, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 94, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 95, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 96, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 97, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 98, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 99, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 100, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 101, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 102, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 103, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 104, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 105, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 106, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 107, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 108, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 109, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 110, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 111, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 112, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 113, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 114, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 115, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 116, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 117, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 118, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 119, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 120, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 121, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 122, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 123, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 124, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 125, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 126, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 127, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 128, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 129, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 130, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 131, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 132, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 135, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 142, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 145, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 158, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 202, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 203, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 204, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 205, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 234, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 235, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 240, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 242, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 243, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 244, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 245, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 246, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 247, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 248, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 249, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 250, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 251, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 252, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 253, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 254, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 255, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 256, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 257, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 258, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 259, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 260, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 261, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 262, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 263, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 264, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 265, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 266, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 267, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 268, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 269, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 270, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 271, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 272, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 273, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 274, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 275, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 276, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 277, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 278, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 279, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 280, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 281, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 282, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 283, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 284, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 285, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 286, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 287, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 288, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 289, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 290, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 291, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 292, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 293, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 294, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 295, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 296, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 297, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 298, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 299, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 300, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 301, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 302, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 303, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 304, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 305, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 306, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 307, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 308, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 309, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 310, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 311, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 312, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 313, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 314, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 315, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 316, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 317, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 318, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 319, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 320, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 321, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 322, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 323, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 324, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 325, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 326, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 327, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 328, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 329, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 333, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 348, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 378, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 418, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 419, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 512, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 514, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 519, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 548, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 657, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 658, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 659, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 660, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 671, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 674, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 678, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 679, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 683, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 684, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 740, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 800, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent to PID below 1000: pid: 941, result: successful	Jump to behavior

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 7, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 8, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 19, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 86, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 129, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 131, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 135, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 142, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 145, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 158, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 240, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 242, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 244, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 245, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 246, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 247, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 268, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 271, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 273, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 275, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 276, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 277, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 279, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 280, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 282, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 283, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 284, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 285, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 287, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 288, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 289, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 290, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 291, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 292, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 293, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 294, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 295, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 296, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 297, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 298, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 299, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 300, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 301, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 302, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 303, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 304, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 305, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 306, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 307, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 308, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 309, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 310, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 311, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 312, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 313, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 314, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 315, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 316, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 317, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 318, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 319, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 320, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 321, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 323, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 325, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 329, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 348, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 378, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 418, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 512, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 514, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 519, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 548, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 657, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 659, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 671, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 678, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 679, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 683, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 684, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 740, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 941, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1203, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1314, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1383, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1394, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1399, result: no such process	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1560, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1564, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1567, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1577, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1583, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1610, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1630, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1633, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1635, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1640, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1642, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1647, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1650, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1653, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1655, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1659, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1661, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1683, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1712, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1717, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1873, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 2517, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 2672, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3120, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3134, result: no such process	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3142, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3147, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3235, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3245, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3246, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3304, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3319, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3329, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3341, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3361, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3392, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3398, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3402, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3406, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3412, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3420, result: no such process	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3425, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3636, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3667, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3761, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3762, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3763, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3764, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5439, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5492, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5493, result: unknown	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	SIGKILL sent: pid: 6072, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	SIGKILL sent: pid: 6413, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	SIGKILL sent: pid: 6407, result: successful	Jump to behavior

Source: Initial sample	String containing 'busybox' found: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
Source: Initial sample	String containing 'busybox' found: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
Source: Initial sample	String containing 'busybox' found: setsockoptbindlistenhi im here, i thinkbindtoipconnectpoll/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPTbusybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/proc/net/tcp/proc//fd0

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 7, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 8, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 19, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 86, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 129, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 131, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 135, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 142, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 145, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 158, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 240, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 242, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 244, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 245, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 246, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 247, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 268, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 271, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 273, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 275, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 276, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 277, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 279, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 280, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 282, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 283, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 284, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 285, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 287, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 288, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 289, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 290, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 291, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 292, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 293, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 294, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 295, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 296, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 297, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 298, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 299, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 300, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 301, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 302, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 303, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 304, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 305, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 306, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 307, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 308, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 309, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 310, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 311, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 312, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 313, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 314, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 315, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 316, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 317, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 318, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 319, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 320, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 321, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 323, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 325, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 329, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 348, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 378, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 418, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 512, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 514, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 519, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 548, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 657, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 659, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 671, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 678, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 679, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 683, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 684, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 740, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 941, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1203, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1314, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1383, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1394, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1399, result: no such process	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1560, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1564, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1567, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1577, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1583, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1610, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1630, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1633, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1635, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1640, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1642, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1647, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1650, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1653, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1655, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1659, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1661, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1683, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1712, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1717, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 1873, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 2517, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 2672, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3120, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3134, result: no such process	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3142, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3147, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3235, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3245, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3246, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3304, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3319, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3329, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3341, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3361, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3392, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3398, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3402, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3406, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3412, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3420, result: no such process	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3425, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3636, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3667, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3761, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3762, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3763, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 3764, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5439, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5492, result: successful	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5493)	SIGKILL sent: pid: 5493, result: unknown	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	SIGKILL sent: pid: 6072, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	SIGKILL sent: pid: 6413, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	SIGKILL sent: pid: 6407, result: successful	Jump to behavior

Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16

Source: classification engine

Classification label: mal96.spre.troj.linELF@0/55@11/0

Persistence and Installation Behavior

Executes the "iptables" command to insert, remove and/or manipulate rules

Source: /bin/sh (PID: 5757)

Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

Jump to behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /bin/fusermount (PID: 5524)	File: /proc/5524/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5957)	File: /proc/5957/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File: /proc/6057/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File: /proc/6078/mounts	Jump to behavior
Source: /usr/bin/gjs (PID: 6414)	File: /proc/6414/mounts	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	File: /proc/6116/mounts	Jump to behavior

Source: /usr/libexec/gsd-wacom (PID: 5519)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gsd-wacom (PID: 5519)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/libexec/gsd-keyboard (PID: 5523)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gsd-keyboard (PID: 5523)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5527)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5527)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /usr/libexec/gsd-color (PID: 5537)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gsd-color (PID: 5537)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale/en_US.UTF-8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale/en_US.utf8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale/en_US/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale/en.UTF-8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale/en.utf8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale/en/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale-langpack/en_US/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale-langpack/en.utf8/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Directory: /usr/share/locale-langpack/en/LC_MESSAGES/.mo	Jump to behavior
Source: /usr/libexec/gsd-power (PID: 5542)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gsd-power (PID: 5542)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5567)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5733)	Directory: /var/lib/gdm3/.pam_environment	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5733)	Directory: /root/.cache	Jump to behavior
Source: /usr/libexec/colord (PID: 5745)	Directory: /var/lib/colord/.cache	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 5981)	Directory: <invalid fd (11)>/..	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 5981)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6016)	Directory: <invalid fd (23)>/..	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6016)	Directory: <invalid fd (22)>/..	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6059)	Directory: /var/lib/gdm3/.drirc	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6059)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6059)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6079)	Directory: /var/lib/gdm3/.drirc	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6088)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6088)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6088)	Directory: /var/lib/gdm3/.drirc	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: /var/lib/gdm3/.drirc	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: <invalid fd (12)>/..	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: <invalid fd (11)>/..	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: /var/lib/gdm3/.Xdefaults	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: /var/lib/gdm3/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: <invalid fd (14)>/..	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Directory: <invalid fd (13)>/..	Jump to behavior
Source: /usr/libexec/ibus-x11 (PID: 6288)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/ibus-x11 (PID: 6288)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-wacom (PID: 6433)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-wacom (PID: 6433)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-color (PID: 6435)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-color (PID: 6435)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-keyboard (PID: 6436)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-keyboard (PID: 6436)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-rfkill (PID: 6438)	Directory: <invalid fd (9)>/..
Source: /usr/libexec/gsd-rfkill (PID: 6438)	Directory: <invalid fd (8)>/..
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale/en_US.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale/en_US.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale/en_US/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale/en.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale/en.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale/en/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale-langpack/en_US/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale-langpack/en.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Directory: /usr/share/locale-langpack/en/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-power (PID: 6458)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-power (PID: 6458)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /lib/systemd/systemd-hostnamed (PID: 6477)	Directory: <invalid fd (10)>/..

Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6078/status	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6078/attr/current	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6088/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6288/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6059/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6433/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6444/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6436/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6458/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6116/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6435/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6078)	File opened: /proc/6408/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6058/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6058/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6476/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6057/status	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6057/attr/current	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6431/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6453/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6455/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6059/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6433/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6291/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6073/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6449/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6408/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6441/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6445/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6444/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6282/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6414/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6436/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6458/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6116/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6435/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6438/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6437/cmdline	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6057)	File opened: /proc/6439/cmdline	Jump to behavior

Source: /tmp/x86_64.elf (PID: 5755)	Shell command executed: sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5768)	Shell command executed: sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5770)	Shell command executed: sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5772)	Shell command executed: sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"	Jump to behavior
Source: /tmp/x86_64.elf (PID: 5775)	Shell command executed: sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"	Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 5760)	Shell command executed: sh -c "locale -a \| grep -F .utf8 "	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6026)	Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6289)	Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""	Jump to behavior

Source: /bin/sh (PID: 5763)

Grep executable: /usr/bin/grep -> grep -F .utf8

Jump to behavior

Source: /bin/sh (PID: 5757)

Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

Jump to behavior

Source: /usr/lib/accountsservice/accounts-daemon (PID: 5733)	File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)			Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5733)	File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)			Jump to behavior

Source: /usr/lib/xorg/Xorg (PID: 6016)

Log file created: /var/log/Xorg.0.log

Jump to dropped file

Source: /usr/lib/xorg/Xorg (PID: 6016)

Truncated file: /var/log/Xorg.pid-6016.log

Jump to behavior

Source: /usr/lib/xorg/Xorg (PID: 6016)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6059)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6079)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6088)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6299)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: /bin/busybox (PID: 5769)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5776)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gsd-wacom (PID: 5519)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gsd-keyboard (PID: 5523)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gsd-smartcard (PID: 5530)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gsd-color (PID: 5537)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gsd-media-keys (PID: 5539)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gsd-power (PID: 5542)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5567)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/colord-sane (PID: 5937)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 5938)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 5959)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 5989)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-x-session (PID: 6014)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6016)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/at-spi-bus-launcher (PID: 6073)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/at-spi2-registryd (PID: 6408)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 6058)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6059)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6079)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6088)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6116)	Queries kernel information via 'uname':
Source: /usr/libexec/ibus-x11 (PID: 6288)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-wacom (PID: 6433)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-color (PID: 6435)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-keyboard (PID: 6436)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-smartcard (PID: 6439)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-media-keys (PID: 6444)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-power (PID: 6458)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6299)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-hostnamed (PID: 6477)	Queries kernel information via 'uname':
Source: /usr/libexec/fprintd (PID: 6676)	Queries kernel information via 'uname':

Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.173] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.357] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.981] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.195] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.608] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.632] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.484] (II) vmware(0): Modeline "1152x864"x75.0 104.99 1152 1224 1352 1552 864 865 868 902 -hsync +vsync (67.6 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.371] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.857] (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.599] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.191] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.783] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.690] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.460] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.113] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.566] (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.746] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.332] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.699] (II) vmware(0): Modeline "640x400"x85.1 31.50 640 672 736 832 400 401 404 445 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.634] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 148.146] (II) vmware(0): Creating default Display subsection in Screen section
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.061] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.802] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.093] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.352] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.521] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.229] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.588] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.390] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.162.dr	Binary or memory string: [ 148.007] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.488] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.579] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.161] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.516] (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.420] (--) vmware(0): mheig: 885
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.317] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.419] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.963] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.159] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.413] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 147.433] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.816] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.450] (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.394] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.967] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 151.477] (EE) vmware(0): Failed to open drm.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.625] (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.675] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.312] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.544] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.218] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.247] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.871] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.450] (--) vmware(0): w.blu: 8
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.199] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.375] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 9)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.097] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.677] (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.397] (--) vmware(0): depth: 24
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.505] (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.760] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.551] (**) vmware(0): Default mode "1024x576": 46.5 MHz, 35.9 kHz, 59.9 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 154.109] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.574] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.233] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.186] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.251] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.185] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.861] (II) vmware(0): Not using default mode "800x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.454] (--) vmware(0): vis: 4
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.713] (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.154] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.199] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.014] (II) vmware(0): Not using default mode "960x540" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.415] (--) vmware(0): mwidt: 1176
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.111] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.299] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.281] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.671] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.402] (--) vmware(0): bpp: 32
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.270] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.727] (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.277] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.342] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.510] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.266] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.170] (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.285] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.162.dr	Binary or memory string: [ 151.487] (WW) vmware(0): Disabling 3D support.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.534] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.406] (--) vmware(0): vram: 4194304
Source: Xorg.0.log.162.dr	Binary or memory string: [ 154.170] (II) vmware(0): Initialized VMware Xv extension successfully.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.471] (==) vmware(0): Default visual is TrueColor
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.666] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.327] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 154.104] (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.602] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.718] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.088] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.004] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.653] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.811] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.232] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.622] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.709] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.681] (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.399] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.756] (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.065] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 147.349] (==) Matched vmware as autoconfigured driver 0
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.237] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.704] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.896] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.493] (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.722] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.424] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.436] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.116] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.949] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.503] (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.564] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 154.163] (==) vmware(0): Silken mouse enabled
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.647] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.525] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.385] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.825] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.731] (==) vmware(0): DPI set to (96, 96)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.253] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.891] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.699] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.163] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.168] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.411] (--) vmware(0): pbase: 0xe8000000
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.481] (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.399] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.584] (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.774] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.929] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.943] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.380] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.639] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.425] (--) vmware(0): depth: 24
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.009] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.366] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.620] (II) vmware(0): Modeline "800x600"x56.2 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.531] (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.166] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.479] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.486] (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.920] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.672] (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.910] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.618] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.866] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.214] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 151.506] (WW) vmware(0): Disabling RandR12+ support.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.778] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 147.400] (II) LoadModule: "vmware"
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.788] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.629] (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.611] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.526] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.120] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.023] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.792] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.209] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.087] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.648] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.361] (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.607] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.627] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.102] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.807] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.305] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.474] (II) vmware(0): Modeline "1152x864"x75.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.458] (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.695] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.149] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 154.092] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.842] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.423] (II) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.570] (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.990] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.797] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.322] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.656] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.028] (II) vmware(0): Not using default mode "1024x576" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.507] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.000] (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.554] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.722] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.915] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.445] (--) vmware(0): w.grn: 8
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.052] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.389] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.209] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 147.687] (II) Module vmware: vendor="X.Org Foundation"
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.569] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.886] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.498] (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.579] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.686] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.972] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.376] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.032] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.223] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.204] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.529] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.876] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.559] (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.275] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.430] (--) vmware(0): bpp: 32
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.441] (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.820] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.491] (II) vmware(0): Clock range: 0.00 to 400000.00 MHz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.594] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.616] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.130] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.256] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.718] (II) vmware(0): Modeline "640x360"x59.3 17.75 640 688 720 800 360 363 368 374 +hsync -vsync (22.2 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.985] (II) vmware(0): Not using default mode "720x405" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.455] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.540] (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.704] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.680] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.465] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.182] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.652] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.434] (--) vmware(0): w.red: 8
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.261] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.512] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.037] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.074] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.661] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.092] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.604] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.901] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.496] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.852] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.204] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.925] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.083] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.769] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.934] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.140] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.593] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.954] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.427] (*) vmware(0): Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.731] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.177] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.307] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.714] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 154.157] (==) vmware(0): Backing store enabled
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.514] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.082] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.589] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.667] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.834] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.476] (==) vmware(0): Using HW cursor
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.881] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.727] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.070] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.519] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.466] (==) vmware(0): RGB weight 888
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.336] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.549] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.584] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.056] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.764] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 151.513] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.640] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.106] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.575] (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.976] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.958] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.392] (--) vmware(0): caps: 0xFDFF83E2
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.408] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 157.437] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.663] (II) vmware(0): Modeline "640x480"x72.8 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.613] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.685] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.047] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.228] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.394] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.905] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.349] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.690] (II) vmware(0): Modeline "720x400"x85.0 35.50 720 756 828 936 400 401 404 446 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.995] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.561] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.470] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.738] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.134] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.658] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.597] (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.018] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.708] (II) vmware(0): Modeline "640x360"x59.8 18.00 640 664 720 800 360 363 368 376 -hsync +vsync (22.5 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.079] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.125] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.829] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.362] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.418] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 151.496] (WW) vmware(0): Disabling Render Acceleration.
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.535] (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.403] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.556] (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.501] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.848] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.357] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 153.432] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.694] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.162.dr	Binary or memory string: [ 152.751] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)

Language, Device and Operating System Detection

Reads system files that contain records of logged in users

Source: /usr/lib/accountsservice/accounts-daemon (PID: 5733)

Logged in records file read: /var/log/wtmp

Jump to behavior

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match	File source: x86_64.elf, type: SAMPLE
Source: Yara match	File source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match	File source: x86_64.elf, type: SAMPLE
Source: Yara match	File source: 5490.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5492.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5493.1.0000000000400000.000000000041f000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 File and Directory Permissions Modification	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	2 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Hidden Files and Directories	LSASS Memory	1 System Owner/User Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Indicator Removal	Security Account Manager	1 System Network Configuration Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
x86_64.elf	24%	ReversingLabs	Linux.Backdoor.Mirai
x86_64.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high
secure-network-rebirthltd.ru	83.222.191.146	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://wiki.x.org	Xorg.0.log.162.dr	false		high
http://www.ubuntu.com/support)	Xorg.0.log.162.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
83.222.191.146	secure-network-rebirthltd.ru	Bulgaria		43561	NET1-ASBG	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
83.222.191.146	dlr.arm6.elf	Get hash	malicious	Gafgyt	Browse	/binaries/arm6
	dlr.mpsl.elf	Get hash	malicious	Gafgyt	Browse	/binaries/mpsl
	dlr.arm7.elf	Get hash	malicious	Unknown	Browse	/binaries/arm7
	dlr.mips.elf	Get hash	malicious	Gafgyt	Browse	/binaries/mips

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	dlr.arm.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	wkb86.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	fnkea7.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	db0fa4b8db0333367e9bda3ab68b8042.arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	wlw68k.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	arm7.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	x86_64.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.24
	yakuza.arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	yakuza.x86.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
secure-network-rebirthltd.ru	mpsl.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm4.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm5.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm7.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	mips.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	x86_64.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm5.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	mpsl.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm4.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	dlr.arm6.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	dlr.mpsl.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	dlr.arm7.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	dlr.mips.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	mpsl.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm4.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm5.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	arm7.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	mips.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146
	x86_64.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/proc/5965/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

/proc/5968/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

/proc/5970/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

/proc/5972/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

/proc/5974/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5976/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/5979/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6073/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6100/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6103/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6105/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6107/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6109/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6111/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6114/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6291/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6408/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6414/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6473/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/user/127/ICEauthority

Download File

Process:	/usr/libexec/gnome-session-binary
File Type:	TTComp archive data, binary, 1K dictionary
Category:	dropped
Size (bytes):	1304
Entropy (8bit):	5.9782321723722855
Encrypted:	false
SSDEEP:	12:OxPq3uR2veY+q3u4b3xPYGWveY+Y9p4xPDQXwveY+D44xPUBKiveY+U3BQZ0veYI:M+0nXIr86BPav1k+13sm
MD5:	B1C0654F1220C1B624403E27687D1512
SHA1:	6C1E70B97B22C42A9D68CDCD437476A13F593E91
SHA-256:	96B7F935ABCC411A09333F069DD4869E5DBAE97741DABABFAB9E7E1DEF921A41
SHA-512:	D6DC6C83BB3EE3F6A3DA8C5EB2B8AB790DE3FAD399C9DE52B3E03C2E2E5A95251D178CF826B04C10EEF547DA293849087CCEBB3563242E4EDDF77D3A1935437D
Malicious:	false
Preview:	..XSMP...!unix/galassia:/tmp/.ICE-unix/6058..MIT-MAGIC-COOKIE-1.......#..R....}..XSMP...#local/galassia:@/tmp/.ICE-unix/6058..MIT-MAGIC-COOKIE-1...s.EDl..:n..=....ICE...!unix/galassia:/tmp/.ICE-unix/5959..MIT-MAGIC-COOKIE-1..s.S....@fhWy.Y.c..ICE...#local/galassia:@/tmp/.ICE-unix/5959..MIT-MAGIC-COOKIE-1.....3Jw..........XSMP...!unix/galassia:/tmp/.ICE-unix/1383..MIT-MAGIC-COOKIE-1.....w.0......F!W...XSMP...#local/galassia:@/tmp/.ICE-unix/1383..MIT-MAGIC-COOKIE-1......,mN..b7.....ICE...!unix/galassia:/tmp/.ICE-unix/1313..MIT-MAGIC-COOKIE-1.....]v1..".?.}.....ICE...#local/galassia:@/tmp/.ICE-unix/1313..MIT-MAGIC-COOKIE-1...o4...6]..c..f....XSMP...#local/galassia:@/tmp/.ICE-unix/1313..MIT-MAGIC-COOKIE-1..N.#r......S.....XSMP...!unix/galassia:/tmp/.ICE-unix/1313..MIT-MAGIC-COOKIE-1.....q.p.."LS.DM(..ICE...#local/galassia:@/tmp/.ICE-unix/1383..MIT-MAGIC-COOKIE-1...]...,0..2...`..ICE...!unix/galassia:/tmp/.ICE-unix/1383..MIT-MAGIC-COOKIE-1...y.&.O...j../I....XSMP...#local/galass

/run/user/127/dconf/user

Download File

Process:	/usr/libexec/gsd-power
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	93B885ADFE0DA089CDF634904FD59F71
SHA1:	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:	B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:	false
Preview:	.

/run/user/127/gdm/Xauthority

Download File

Process:	/usr/lib/gdm3/gdm-x-session
File Type:	X11 Xauthority data
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.983294787198872
Encrypted:	false
SSDEEP:	3:rg/WFllasO93seb+9BuHWFllasO93seb+9K:rg/WFl2N+9cWFl2N+9K
MD5:	67AD169224A631357FDDF2E56301344D
SHA1:	6D3D7B47FF02DA50FAF42819531519AB59A1D660
SHA-256:	A8CA54A405AD6725C343730FB831259198EEAAC4EAC017F77F7EADB42DBDCFA8
SHA-512:	8A9BAE333253569218D77F5DA333DF5E309E9C101C70956740ED660FE9A2C1E326F77E1B58E4F4CDE66D30B14721321F77389053D1A0AE1172818F66981DBDFE
Malicious:	false
Preview:	....galassia....MIT-MAGIC-COOKIE-1...Qyg.S>...rX..h....galassia....MIT-MAGIC-COOKIE-1...Qyg.S>...rX..h

/run/user/127/pulse/pid

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:J:J
MD5:	454BE5129415DB5B4E2B541EDF91CF33
SHA1:	8CAB891804E0738B14747428D79742FEB9299A49
SHA-256:	27F4A337E0800052AAF6BB52A0A47C6A9D9B1ABF01D4F3E08B080383419F2BAC
SHA-512:	8485DFBAF0CCC9D57E394AC1AB8A035F34D9A6DAEC65403CBB365A38D9F0B5660098C3A546284A7AC8CF03B80AFF2332CD6E74752E6136747DDED243EC712F7F
Malicious:	false
Preview:	6299.

/tmp/server-0.xkm

Download File

Process:	/usr/bin/xkbcomp
File Type:	Compiled XKB Keymap: lsb, version 15
Category:	dropped
Size (bytes):	12060
Entropy (8bit):	4.8492493153178975
Encrypted:	false
SSDEEP:	192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
MD5:	B4E3EB0B8B6B0FC1F46740C573E18D86
SHA1:	7D35426357695EBA77850757E8939A62DCEFF2D1
SHA-256:	7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
SHA-512:	8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
Malicious:	false
Preview:	.mkx..............D.......................h.......<.....P.@%.......&......D.......NumLock.....Alt.....LevelThree..LAlt....RAlt....RControl....LControl....ScrollLock..LevelFive...AltGr...Meta....Super...Hyper...........evdev+aliases(qwerty)...!.....ESC.AE01AE02AE03AE04AE05AE06AE07AE08AE09AE10AE11AE12BKSPTAB.AD01AD02AD03AD04AD05AD06AD07AD08AD09AD10AD11AD12RTRNLCTLAC01AC02AC03AC04AC05AC06AC07AC08AC09AC10AC11TLDELFSHBKSLAB01AB02AB03AB04AB05AB06AB07AB08AB09AB10RTSHKPMULALTSPCECAPSFK01FK02FK03FK04FK05FK06FK07FK08FK09FK10NMLKSCLKKP7.KP8.KP9.KPSUKP4.KP5.KP6.KPADKP1.KP2.KP3.KP0.KPDLLVL3....LSGTFK11FK12AB11KATAHIRAHENKHKTGMUHEJPCMKPENRCTLKPDVPRSCRALTLNFDHOMEUP..PGUPLEFTRGHTEND.DOWNPGDNINS.DELEI120MUTEVOL-VOL+POWRKPEQI126PAUSI128I129HNGLHJCVAE13LWINRWINCOMPSTOPAGAIPROPUNDOFRNTCOPYOPENPASTFINDCUT.HELPI147I148I149I150I151I152I153I154I155I156I157I158I159I160I161I162I163I164I165I166I167I168I169I170I171I172I173I174I175I176I177I178I179I180I181I182I183I184I185I186I187I188I189I190FK13FK14FK15FK16FK17FK18

/var/lib/AccountsService/users/gdm.464LZ2

Download File

Process:	/usr/lib/accountsservice/accounts-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	51
Entropy (8bit):	4.647628037922664
Encrypted:	false
SSDEEP:	3:urCLnT+PzKLrAan4R8AKn:gI+zKLrAa4M
MD5:	071DABFEAD25B35D415780C2CFA55287
SHA1:	ED08D2B2FC77EF256FF9196934A55CFE4AE1B8E3
SHA-256:	E778170EDFD4C9871EFF24F592FF7A23D2A08A86479A6B14E42AF5FC1094416C
SHA-512:	8FBC64B76E1916570726BE87A2E9FBF7BDD1B07AB64A4A007EF20846273D416C04B32F8D2B923F1FDAA82BA729F2668A402DF608F4852E7676F67247A2666668
Malicious:	false
Preview:	[User].Icon=/var/lib/gdm3/.face.SystemAccount=true.

/var/lib/AccountsService/users/gdm.GEKZZ2

Download File

Process:	/usr/lib/accountsservice/accounts-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.66214589518167
Encrypted:	false
SSDEEP:	3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
MD5:	542BA3FB41206AE43928AF1C5E61FEBC
SHA1:	F56F574DAF50D609526B36B5B54FDD59EA4D6A26
SHA-256:	730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
SHA-512:	D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
Malicious:	false
Preview:	[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0

Download File

Process:	/usr/bin/ibus-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	381
Entropy (8bit):	5.142019039834077
Encrypted:	false
SSDEEP:	6:SbF4b2sONeZVkSoQ65EfqFFAU+qmnQT23msRvkTFacecf8h/zKLGWW8QbE/5tkI5:q5sU3LWfLUDmQymqSFbfomSK9/wr4fh
MD5:	385AC590C39500EE820B8B8AE4CC6105
SHA1:	3153FEA55C3600869970726675376F0DB9783430
SHA-256:	751060ED872037C01F65E67BA220F1A90B56E3358F1F912A39BE23EB2C1A0FF9
SHA-512:	BD8B2A92271E825B0132F5CF2F1B0FDC59184201E16542F9BD693C9F6B8C49616A5396E6D2EADA793884392AFE8378C1251BB009E20B8E98B0662CE75856B441
Malicious:	false
Preview:	# This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-5IFudHab,guid=6273d80cc1bf906155ebc88767705cf5.IBUS_DAEMON_PID=6282.

/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

Download File

Process:	/usr/bin/pulseaudio
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

Download File

Process:	/usr/bin/pulseaudio
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

/var/log/Xorg.0.log

Download File

Process:	/usr/lib/xorg/Xorg
File Type:	JSON data
Category:	dropped
Size (bytes):	41347
Entropy (8bit):	5.287097469962216
Encrypted:	false
SSDEEP:	384:CNnNkmP9mp35yXC0kGxCMc3dTdDdRdFdGdJdldrd4dTdRdMdvdtd3d0dkd5djdQb:QnNfC0kUNcVUkl/g94x+hW7bQuL
MD5:	F364A8F9BE9EB7B86D8D0050445DAF00
SHA1:	D6E57E01AA6FBF7E1328581DF65ADCE6ED4BB8D3
SHA-256:	4BFBE52C2EF30C26AFE9C9AF93AEB28012EF90A94E9B9EA246AA90FAA3D6119D
SHA-512:	EC88CDB68F4286760FD5C8AF821F5FBC5E3117E1EB59E3BDD342CCC9DE80D8F98483FC087E34053B6161F31BCAB99B250066CA659F667DA5AF06E435A1789C86
Malicious:	false
Preview:	[ 145.199] (--) Log file renamed from "/var/log/Xorg.pid-6016.log" to "/var/log/Xorg.0.log".[ 145.214] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 145.221] Build Operating System: linux Ubuntu.[ 145.226] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 145.231] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 145.243] Build Date: 06 July 2021 10:17:51AM.[ 145.248] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 145.252] Current version of pixman: 0.38.4.[ 145.256] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 145.260] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.2881450771025795
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	x86_64.elf
File size:	164'392 bytes
MD5:	448c261b5d2176ecc6b7c4d166863bec
SHA1:	891bb62164fdde84ad256382a627c8fad68b6180
SHA256:	f24f844f1269c757d1f42a3b4ea03675281d7da4a186b851f3c0d149a2488dd5
SHA512:	c81ea160f5b89979ba3b519bfc306826bdc210acad47fbfb342542931ddb493a908f36584edd84e3331a708ba9311d1d20bafef448a24beb148afe5e2e1e40cf
SSDEEP:	3072:fGyrYWmBVWgHVPmbIwatkZg9xftoamGO5nb9pq8:OyFmBEgOb6HmGE
TLSH:	FBF34C06B5C0C8FEC899C2744BDAE136E972F41D4239B66F27D4AF661F4EE605B2D600
File Content Preview:	.ELF..............>.......@.....@...................@.8...@.......................@.......@.....@.......@.................................Q.......Q.....h.......................Q.td....................................................H...._........H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	163752
Section Header Size:	64
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0x1b0f6	0x0	0x6	AX	16
.fini	PROGBITS	0x41b1f6	0x1b1f6	0xe	0x0	0x6	AX	1
.rodata	PROGBITS	0x41b220	0x1b220	0x3120	0x0	0x2	A	32
.ctors	PROGBITS	0x51f000	0x1f000	0x18	0x0	0x3	WA	8
.dtors	PROGBITS	0x51f018	0x1f018	0x10	0x0	0x3	WA	8
.data	PROGBITS	0x51f040	0x1f040	0x8f28	0x0	0x3	WA	32
.bss	NOBITS	0x527f80	0x27f68	0x6f80	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x27f68	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1e340	0x1e340	6.3612	0x5	R E	0x100000	.init .text .fini .rodata
LOAD	0x1f000	0x51f000	0x51f000	0x8f68	0xff00	0.2548	0x6	RW	0x100000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 21:17:08.344697952 CET	56048	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:08.464462042 CET	35342	56048	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:08.464565992 CET	56048	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:08.464595079 CET	56048	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:08.584572077 CET	35342	56048	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:08.584661961 CET	56048	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:08.705116034 CET	35342	56048	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:09.811476946 CET	35342	56048	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:09.811573029 CET	56048	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:09.931106091 CET	35342	56048	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:10.698072910 CET	38358	2222	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:10.817734003 CET	2222	38358	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:10.817809105 CET	38358	2222	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:10.825856924 CET	38358	2222	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:10.825856924 CET	38358	2222	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:10.945447922 CET	2222	38358	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:10.988050938 CET	2222	38358	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:11.182921886 CET	56052	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:11.302536964 CET	35342	56052	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:11.302654982 CET	56052	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:11.302654982 CET	56052	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:11.424627066 CET	35342	56052	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:11.424725056 CET	56052	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:11.544677973 CET	35342	56052	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:12.607486010 CET	35342	56052	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:12.607589960 CET	56052	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:12.727897882 CET	35342	56052	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:13.130410910 CET	2222	38358	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:13.130475998 CET	38358	2222	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:14.428447008 CET	56054	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:14.551325083 CET	35342	56054	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:14.551455975 CET	56054	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:14.551456928 CET	56054	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:14.671892881 CET	35342	56054	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:14.672008038 CET	56054	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:14.792921066 CET	35342	56054	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:15.906949997 CET	35342	56054	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:15.907104015 CET	56054	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:16.026623011 CET	35342	56054	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:17.394814968 CET	56056	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:17.514400005 CET	35342	56056	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:17.514455080 CET	56056	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:17.514482021 CET	56056	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:17.634059906 CET	35342	56056	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:17.634107113 CET	56056	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:17.753592968 CET	35342	56056	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:18.862143993 CET	35342	56056	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:18.862256050 CET	56056	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:18.981765032 CET	35342	56056	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:19.866267920 CET	56058	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:19.986025095 CET	35342	56058	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:19.986087084 CET	56058	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:19.986104965 CET	56058	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:20.105849028 CET	35342	56058	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:20.105927944 CET	56058	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:20.225502968 CET	35342	56058	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:21.291810989 CET	35342	56058	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:21.291912079 CET	56058	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:21.412442923 CET	35342	56058	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:22.719552040 CET	56060	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:22.839149952 CET	35342	56060	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:22.839200974 CET	56060	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:22.839237928 CET	56060	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:22.958748102 CET	35342	56060	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:22.958781004 CET	56060	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:23.078377008 CET	35342	56060	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:24.191884041 CET	35342	56060	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:24.191951990 CET	56060	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:24.311475992 CET	35342	56060	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:25.195939064 CET	56062	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:25.315521955 CET	35342	56062	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:25.315598011 CET	56062	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:25.315619946 CET	56062	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:25.435787916 CET	35342	56062	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:25.435843945 CET	56062	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:25.555382967 CET	35342	56062	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:26.661389112 CET	35342	56062	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:26.661478043 CET	56062	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:26.781013966 CET	35342	56062	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:52.714255095 CET	56064	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:52.834012985 CET	35342	56064	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:52.834108114 CET	56064	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:52.834108114 CET	56064	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:52.953733921 CET	35342	56064	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:52.953788996 CET	56064	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:53.073596954 CET	35342	56064	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:54.134305000 CET	35342	56064	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:54.134422064 CET	56064	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:54.253880024 CET	35342	56064	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:55.137471914 CET	56066	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:55.257112980 CET	35342	56066	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:55.257173061 CET	56066	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:55.257205963 CET	56066	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:55.376838923 CET	35342	56066	83.222.191.146	192.168.2.14
Dec 28, 2024 21:17:55.376890898 CET	56066	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:17:55.496396065 CET	35342	56066	83.222.191.146	192.168.2.14
Dec 28, 2024 21:18:10.269741058 CET	56066	35342	192.168.2.14	83.222.191.146
Dec 28, 2024 21:18:10.389791965 CET	35342	56066	83.222.191.146	192.168.2.14
Dec 28, 2024 21:18:10.710222960 CET	35342	56066	83.222.191.146	192.168.2.14
Dec 28, 2024 21:18:10.710372925 CET	56066	35342	192.168.2.14	83.222.191.146

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 21:17:10.933268070 CET	43907	53	192.168.2.14	194.36.144.87
Dec 28, 2024 21:17:11.177741051 CET	53	43907	194.36.144.87	192.168.2.14
Dec 28, 2024 21:17:13.634721041 CET	44869	53	192.168.2.14	101.101.101.101
Dec 28, 2024 21:17:14.251532078 CET	53	44869	101.101.101.101	192.168.2.14
Dec 28, 2024 21:17:16.697705984 CET	60807	53	192.168.2.14	1.1.1.1
Dec 28, 2024 21:17:16.697782040 CET	37666	53	192.168.2.14	1.1.1.1
Dec 28, 2024 21:17:16.835635900 CET	53	37666	1.1.1.1	192.168.2.14
Dec 28, 2024 21:17:16.914968014 CET	50047	53	192.168.2.14	203.50.2.71
Dec 28, 2024 21:17:16.917694092 CET	53	60807	1.1.1.1	192.168.2.14
Dec 28, 2024 21:17:17.392987013 CET	53	50047	203.50.2.71	192.168.2.14
Dec 28, 2024 21:17:22.303338051 CET	53895	53	192.168.2.14	178.22.122.100
Dec 28, 2024 21:17:22.654457092 CET	53	53895	178.22.122.100	192.168.2.14
Dec 28, 2024 21:17:27.670373917 CET	35412	53	192.168.2.14	212.49.64.1
Dec 28, 2024 21:17:32.677974939 CET	45342	53	192.168.2.14	212.49.64.1
Dec 28, 2024 21:17:37.690473080 CET	55600	53	192.168.2.14	212.49.64.1
Dec 28, 2024 21:17:42.696455002 CET	52801	53	192.168.2.14	212.49.64.1
Dec 28, 2024 21:17:47.699937105 CET	41425	53	192.168.2.14	212.49.64.1

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 28, 2024 21:17:28.041843891 CET	62.24.110.2	192.168.2.14	5a4f	(Time to live exceeded in transit)	Time Exceeded
Dec 28, 2024 21:17:33.058499098 CET	62.24.110.2	192.168.2.14	5a4f	(Time to live exceeded in transit)	Time Exceeded
Dec 28, 2024 21:17:38.086441994 CET	62.24.110.2	192.168.2.14	5a4f	(Time to live exceeded in transit)	Time Exceeded
Dec 28, 2024 21:17:43.089751005 CET	62.24.110.2	192.168.2.14	5a4f	(Time to live exceeded in transit)	Time Exceeded
Dec 28, 2024 21:17:48.096080065 CET	62.24.110.2	192.168.2.14	5a4f	(Time to live exceeded in transit)	Time Exceeded

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 28, 2024 21:17:10.933268070 CET	192.168.2.14	194.36.144.87	0x4ffb	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:13.634721041 CET	192.168.2.14	101.101.101.101	0xe7fc	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:16.697705984 CET	192.168.2.14	1.1.1.1	0xaecd	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:16.697782040 CET	192.168.2.14	1.1.1.1	0x65fe	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false
Dec 28, 2024 21:17:16.914968014 CET	192.168.2.14	203.50.2.71	0xded0	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:22.303338051 CET	192.168.2.14	178.22.122.100	0xc35d	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:27.670373917 CET	192.168.2.14	212.49.64.1	0xdaa1	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:32.677974939 CET	192.168.2.14	212.49.64.1	0xdaa1	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:37.690473080 CET	192.168.2.14	212.49.64.1	0xdaa1	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:42.696455002 CET	192.168.2.14	212.49.64.1	0xdaa1	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:47.699937105 CET	192.168.2.14	212.49.64.1	0xdaa1	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 28, 2024 21:17:11.177741051 CET	194.36.144.87	192.168.2.14	0x4ffb	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:14.251532078 CET	101.101.101.101	192.168.2.14	0xe7fc	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:16.917694092 CET	1.1.1.1	192.168.2.14	0xaecd	No error (0)	daisy.ubuntu.com	162.213.35.24	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:16.917694092 CET	1.1.1.1	192.168.2.14	0xaecd	No error (0)	daisy.ubuntu.com	162.213.35.25	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:17.392987013 CET	203.50.2.71	192.168.2.14	0xded0	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 28, 2024 21:17:22.654457092 CET	178.22.122.100	192.168.2.14	0xc35d	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: x86_64.elf PID: 5490, Parent PID: 5415

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	/tmp/x86_64.elf
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: x86_64.elf PID: 5491, Parent PID: 5490

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: x86_64.elf PID: 5492, Parent PID: 5491

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: x86_64.elf PID: 5493, Parent PID: 5492

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: x86_64.elf PID: 5494, Parent PID: 5492

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Analysis Process: x86_64.elf PID: 5754, Parent PID: 5491

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: x86_64.elf PID: 5755, Parent PID: 5754

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: sh PID: 5755, Parent PID: 5754

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5757, Parent PID: 5755

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: iptables PID: 5757, Parent PID: 5755

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/usr/sbin/iptables
Arguments:	iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
File size:	99296 bytes
MD5 hash:	1ab05fef765b6342cdfadaa5275b33af

Chronological Activities

Analysis Process: x86_64.elf PID: 5768, Parent PID: 5754

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: sh PID: 5768, Parent PID: 5754

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5769, Parent PID: 5768

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5769, Parent PID: 5768

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/busybox
Arguments:	/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: x86_64.elf PID: 5770, Parent PID: 5754

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: sh PID: 5770, Parent PID: 5754

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5771, Parent PID: 5770

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: x86_64.elf PID: 5772, Parent PID: 5754

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: sh PID: 5772, Parent PID: 5754

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5774, Parent PID: 5772

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: x86_64.elf PID: 5775, Parent PID: 5754

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: sh PID: 5775, Parent PID: 5754

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5776, Parent PID: 5775

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5776, Parent PID: 5775

General

Start time (UTC):	20:17:09
Start date (UTC):	28/12/2024
Path:	/usr/bin/busybox
Arguments:	busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: x86_64.elf PID: 5756, Parent PID: 5491

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/tmp/x86_64.elf
Arguments:	-
File size:	164392 bytes
MD5 hash:	448c261b5d2176ecc6b7c4d166863bec

Chronological Activities

Analysis Process: gnome-session-binary PID: 5517, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5517, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-sharing PID: 5517, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-sharing
Arguments:	/usr/libexec/gsd-sharing
File size:	35424 bytes
MD5 hash:	e29d9025d98590fbb69f89fdbd4438b3

Chronological Activities

Analysis Process: gnome-session-binary PID: 5519, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5519, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-wacom PID: 5519, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-wacom
Arguments:	/usr/libexec/gsd-wacom
File size:	39520 bytes
MD5 hash:	13778dd1a23a4e94ddc17ac9caa4fcc1

Chronological Activities

Analysis Process: gnome-session-binary PID: 5523, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5523, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-keyboard PID: 5523, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-keyboard
Arguments:	/usr/libexec/gsd-keyboard
File size:	39760 bytes
MD5 hash:	8e288fd17c80bb0a1148b964b2ac2279

Chronological Activities

Analysis Process: gvfsd-fuse PID: 5524, Parent PID: 3147

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Chronological Activities

Analysis Process: fusermount PID: 5524, Parent PID: 3147

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Chronological Activities

Analysis Process: gnome-session-binary PID: 5526, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5526, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-print-notifications PID: 5526, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	/usr/libexec/gsd-print-notifications
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Chronological Activities

Analysis Process: gsd-print-notifications PID: 5700, Parent PID: 5526

General

Start time (UTC):	20:17:00
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	-
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Chronological Activities

Analysis Process: gsd-print-notifications PID: 5701, Parent PID: 5700

General

Start time (UTC):	20:17:00
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	-
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Chronological Activities

Analysis Process: gsd-printer PID: 5701, Parent PID: 1

General

Start time (UTC):	20:17:01
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-printer
Arguments:	/usr/libexec/gsd-printer
File size:	31120 bytes
MD5 hash:	7995828cf98c315fd55f2ffb3b22384d

Chronological Activities

Analysis Process: gnome-session-binary PID: 5527, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5527, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-rfkill PID: 5527, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-rfkill
Arguments:	/usr/libexec/gsd-rfkill
File size:	51808 bytes
MD5 hash:	88a16a3c0aba1759358c06215ecfb5cc

Chronological Activities

Analysis Process: gnome-session-binary PID: 5530, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5530, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-smartcard PID: 5530, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-smartcard
Arguments:	/usr/libexec/gsd-smartcard
File size:	109152 bytes
MD5 hash:	ea1fbd7f62e4cd0331eae2ef754ee605

Chronological Activities

Analysis Process: gnome-session-binary PID: 5537, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5537, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-color PID: 5537, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-color
Arguments:	/usr/libexec/gsd-color
File size:	92832 bytes
MD5 hash:	ac2861ad93ce047283e8e87cefef9a19

Chronological Activities

Analysis Process: gnome-session-binary PID: 5538, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5538, Parent PID: 1383

General

Start time (UTC):	20:16:56
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-datetime PID: 5538, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-datetime
Arguments:	/usr/libexec/gsd-datetime
File size:	76736 bytes
MD5 hash:	d80d39745740de37d6634d36e344d4bc

Chronological Activities

Analysis Process: gnome-session-binary PID: 5539, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5539, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-media-keys PID: 5539, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-media-keys
Arguments:	/usr/libexec/gsd-media-keys
File size:	232936 bytes
MD5 hash:	a425448c135afb4b8bfd79cc0b6b74da

Chronological Activities

Analysis Process: gnome-session-binary PID: 5540, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5540, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-screensaver-proxy PID: 5540, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-screensaver-proxy
Arguments:	/usr/libexec/gsd-screensaver-proxy
File size:	27232 bytes
MD5 hash:	77e309450c87dceee43f1a9e50cc0d02

Chronological Activities

Analysis Process: gnome-session-binary PID: 5541, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5541, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-a11y-settings PID: 5541, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-a11y-settings
Arguments:	/usr/libexec/gsd-a11y-settings
File size:	23056 bytes
MD5 hash:	18e243d2cf30ecee7ea89d1462725c5c

Chronological Activities

Analysis Process: gnome-session-binary PID: 5542, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5542, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-power PID: 5542, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-power
Arguments:	/usr/libexec/gsd-power
File size:	88672 bytes
MD5 hash:	28b8e1b43c3e7f1db6741ea1ecd978b7

Chronological Activities

Analysis Process: gnome-session-binary PID: 5543, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5543, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-housekeeping PID: 5543, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-housekeeping
Arguments:	/usr/libexec/gsd-housekeeping
File size:	51840 bytes
MD5 hash:	b55f3394a84976ddb92a2915e5d76914

Chronological Activities

Analysis Process: gnome-session-binary PID: 5544, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5544, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-sound PID: 5544, Parent PID: 1383

General

Start time (UTC):	20:16:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-sound
Arguments:	/usr/libexec/gsd-sound
File size:	31248 bytes
MD5 hash:	4c7d3fb993463337b4a0eb5c80c760ee

Chronological Activities

Analysis Process: systemd PID: 5567, Parent PID: 1

General

Start time (UTC):	20:17:00
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-hostnamed PID: 5567, Parent PID: 1

General

Start time (UTC):	20:17:00
Start date (UTC):	28/12/2024
Path:	/lib/systemd/systemd-hostnamed
Arguments:	/lib/systemd/systemd-hostnamed
File size:	35040 bytes
MD5 hash:	2cc8a5576629a2d5bd98e49a4b8bef65

Chronological Activities

Analysis Process: dbus-daemon PID: 5707, Parent PID: 5706

General

Start time (UTC):	20:17:01
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5707, Parent PID: 5706

General

Start time (UTC):	20:17:01
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: systemd PID: 5733, Parent PID: 1

General

Start time (UTC):	20:17:05
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: accounts-daemon PID: 5733, Parent PID: 1

General

Start time (UTC):	20:17:05
Start date (UTC):	28/12/2024
Path:	/usr/lib/accountsservice/accounts-daemon
Arguments:	/usr/lib/accountsservice/accounts-daemon
File size:	203192 bytes
MD5 hash:	01a899e3fb5e7e434bea1290255a1f30

Chronological Activities

Analysis Process: accounts-daemon PID: 5758, Parent PID: 5733

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/usr/lib/accountsservice/accounts-daemon
Arguments:	-
File size:	203192 bytes
MD5 hash:	01a899e3fb5e7e434bea1290255a1f30

Chronological Activities

Analysis Process: language-validate PID: 5758, Parent PID: 5733

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/usr/share/language-tools/language-validate
Arguments:	/usr/share/language-tools/language-validate en_US.UTF-8
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: language-validate PID: 5759, Parent PID: 5758

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/usr/share/language-tools/language-validate
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: language-options PID: 5759, Parent PID: 5758

General

Start time (UTC):	20:17:07
Start date (UTC):	28/12/2024
Path:	/usr/share/language-tools/language-options
Arguments:	/usr/share/language-tools/language-options
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: language-options PID: 5760, Parent PID: 5759

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/usr/share/language-tools/language-options
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: sh PID: 5760, Parent PID: 5759

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "locale -a \| grep -F .utf8 "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5762, Parent PID: 5760

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: locale PID: 5762, Parent PID: 5760

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/usr/bin/locale
Arguments:	locale -a
File size:	58944 bytes
MD5 hash:	c72a78792469db86d91369c9057f20d2

Chronological Activities

Analysis Process: sh PID: 5763, Parent PID: 5760

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 5763, Parent PID: 5760

General

Start time (UTC):	20:17:08
Start date (UTC):	28/12/2024
Path:	/usr/bin/grep
Arguments:	grep -F .utf8
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: systemd PID: 5745, Parent PID: 1

General

Start time (UTC):	20:17:06
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: colord PID: 5745, Parent PID: 1

General

Start time (UTC):	20:17:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/colord
Arguments:	/usr/libexec/colord
File size:	346632 bytes
MD5 hash:	70861d1b2818c9279cd4a5c9035dac1f

Chronological Activities

Analysis Process: colord PID: 5937, Parent PID: 5745

General

Start time (UTC):	20:17:14
Start date (UTC):	28/12/2024
Path:	/usr/libexec/colord
Arguments:	-
File size:	346632 bytes
MD5 hash:	70861d1b2818c9279cd4a5c9035dac1f

Chronological Activities

Analysis Process: colord-sane PID: 5937, Parent PID: 5745

General

Start time (UTC):	20:17:14
Start date (UTC):	28/12/2024
Path:	/usr/libexec/colord-sane
Arguments:	/usr/libexec/colord-sane
File size:	18736 bytes
MD5 hash:	5f98d754a07bf1385c3ff001cde3882e

Chronological Activities

Analysis Process: systemd PID: 5782, Parent PID: 1

General

Start time (UTC):	20:17:12
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-localed PID: 5782, Parent PID: 1

General

Start time (UTC):	20:17:12
Start date (UTC):	28/12/2024
Path:	/lib/systemd/systemd-localed
Arguments:	/lib/systemd/systemd-localed
File size:	43232 bytes
MD5 hash:	1244af9646256d49594f2a8203329aa9

Chronological Activities

Analysis Process: gdm3 PID: 5933, Parent PID: 1289

General

Start time (UTC):	20:17:13
Start date (UTC):	28/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5933, Parent PID: 1289

General

Start time (UTC):	20:17:13
Start date (UTC):	28/12/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 5936, Parent PID: 1289

General

Start time (UTC):	20:17:13
Start date (UTC):	28/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5936, Parent PID: 1289

General

Start time (UTC):	20:17:13
Start date (UTC):	28/12/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 5938, Parent PID: 1289

General

Start time (UTC):	20:17:14
Start date (UTC):	28/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: gdm-session-worker PID: 5938, Parent PID: 1289

General

Start time (UTC):	20:17:14
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	"gdm-session-worker [pam/gdm-launch-environment]"
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-session-worker PID: 5953, Parent PID: 5938

General

Start time (UTC):	20:17:17
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	-
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-wayland-session PID: 5953, Parent PID: 5938

General

Start time (UTC):	20:17:17
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-wayland-session
Arguments:	/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
File size:	76368 bytes
MD5 hash:	d3def63cf1e83f7fb8a0f13b1744ff7c

Chronological Activities

Analysis Process: gdm-wayland-session PID: 5956, Parent PID: 5953

General

Start time (UTC):	20:17:18
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-wayland-session
Arguments:	-
File size:	76368 bytes
MD5 hash:	d3def63cf1e83f7fb8a0f13b1744ff7c

Chronological Activities

Analysis Process: dbus-run-session PID: 5956, Parent PID: 5953

General

Start time (UTC):	20:17:18
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-run-session
Arguments:	dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-run-session PID: 5957, Parent PID: 5956

General

Start time (UTC):	20:17:18
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-daemon PID: 5957, Parent PID: 5956

General

Start time (UTC):	20:17:18
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	dbus-daemon --nofork --print-address 4 --session
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5964, Parent PID: 5957

General

Start time (UTC):	20:17:20
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5965, Parent PID: 5964

General

Start time (UTC):	20:17:20
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5965, Parent PID: 5964

General

Start time (UTC):	20:17:20
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 5967, Parent PID: 5957

General

Start time (UTC):	20:17:20
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5968, Parent PID: 5967

General

Start time (UTC):	20:17:20
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5968, Parent PID: 5967

General

Start time (UTC):	20:17:20
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 5969, Parent PID: 5957

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5970, Parent PID: 5969

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5970, Parent PID: 5969

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 5971, Parent PID: 5957

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5972, Parent PID: 5971

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5972, Parent PID: 5971

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 5973, Parent PID: 5957

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5974, Parent PID: 5973

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5974, Parent PID: 5973

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 5975, Parent PID: 5957

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5976, Parent PID: 5975

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5976, Parent PID: 5975

General

Start time (UTC):	20:17:21
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 5978, Parent PID: 5957

General

Start time (UTC):	20:17:22
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 5979, Parent PID: 5978

General

Start time (UTC):	20:17:22
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 5979, Parent PID: 5978

General

Start time (UTC):	20:17:22
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-run-session PID: 5959, Parent PID: 5956

General

Start time (UTC):	20:17:19
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: gnome-session PID: 5959, Parent PID: 5956

General

Start time (UTC):	20:17:19
Start date (UTC):	28/12/2024
Path:	/usr/bin/gnome-session
Arguments:	gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-session-binary PID: 5959, Parent PID: 5956

General

Start time (UTC):	20:17:19
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: gnome-session-binary PID: 5980, Parent PID: 5959

General

Start time (UTC):	20:17:22
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: session-migration PID: 5980, Parent PID: 5959

General

Start time (UTC):	20:17:22
Start date (UTC):	28/12/2024
Path:	/usr/bin/session-migration
Arguments:	session-migration
File size:	22680 bytes
MD5 hash:	5227af42ebf14ac2fe2acddb002f68dc

Chronological Activities

Analysis Process: gnome-session-binary PID: 5981, Parent PID: 5959

General

Start time (UTC):	20:17:23
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5981, Parent PID: 5959

General

Start time (UTC):	20:17:23
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-shell PID: 5981, Parent PID: 5959

General

Start time (UTC):	20:17:23
Start date (UTC):	28/12/2024
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Chronological Activities

Analysis Process: gdm3 PID: 5989, Parent PID: 1289

General

Start time (UTC):	20:17:26
Start date (UTC):	28/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: gdm-session-worker PID: 5989, Parent PID: 1289

General

Start time (UTC):	20:17:26
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	"gdm-session-worker [pam/gdm-launch-environment]"
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-session-worker PID: 6014, Parent PID: 5989

General

Start time (UTC):	20:17:27
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	-
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-x-session PID: 6014, Parent PID: 5989

General

Start time (UTC):	20:17:27
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: gdm-x-session PID: 6016, Parent PID: 6014

General

Start time (UTC):	20:17:27
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	-
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: Xorg PID: 6016, Parent PID: 6014

General

Start time (UTC):	20:17:27
Start date (UTC):	28/12/2024
Path:	/usr/bin/Xorg
Arguments:	/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: Xorg.wrap PID: 6016, Parent PID: 6014

General

Start time (UTC):	20:17:27
Start date (UTC):	28/12/2024
Path:	/usr/lib/xorg/Xorg.wrap
Arguments:	/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
File size:	14488 bytes
MD5 hash:	48993830888200ecf19dd7def0884dfd

Chronological Activities

Analysis Process: Xorg PID: 6016, Parent PID: 6014

General

Start time (UTC):	20:17:27
Start date (UTC):	28/12/2024
Path:	/usr/lib/xorg/Xorg
Arguments:	/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
File size:	2448840 bytes
MD5 hash:	730cf4c45a7ee8bea88abf165463b7f8

Chronological Activities

Analysis Process: Xorg PID: 6026, Parent PID: 6016

General

Start time (UTC):	20:17:37
Start date (UTC):	28/12/2024
Path:	/usr/lib/xorg/Xorg
Arguments:	-
File size:	2448840 bytes
MD5 hash:	730cf4c45a7ee8bea88abf165463b7f8

Chronological Activities

Analysis Process: sh PID: 6026, Parent PID: 6016

General

Start time (UTC):	20:17:37
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6027, Parent PID: 6026

General

Start time (UTC):	20:17:37
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: xkbcomp PID: 6027, Parent PID: 6026

General

Start time (UTC):	20:17:37
Start date (UTC):	28/12/2024
Path:	/usr/bin/xkbcomp
Arguments:	/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
File size:	217184 bytes
MD5 hash:	c5f953aec4c00d2a1cc27acb75d62c9b

Chronological Activities

Analysis Process: Xorg PID: 6289, Parent PID: 6016

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/lib/xorg/Xorg
Arguments:	-
File size:	2448840 bytes
MD5 hash:	730cf4c45a7ee8bea88abf165463b7f8

Chronological Activities

Analysis Process: sh PID: 6289, Parent PID: 6016

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6292, Parent PID: 6289

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: xkbcomp PID: 6292, Parent PID: 6289

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/bin/xkbcomp
Arguments:	/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
File size:	217184 bytes
MD5 hash:	c5f953aec4c00d2a1cc27acb75d62c9b

Chronological Activities

Analysis Process: gdm-x-session PID: 6055, Parent PID: 6014

General

Start time (UTC):	20:17:40
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	-
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: Default PID: 6055, Parent PID: 6014

General

Start time (UTC):	20:17:40
Start date (UTC):	28/12/2024
Path:	/etc/gdm3/Prime/Default
Arguments:	/etc/gdm3/Prime/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm-x-session PID: 6056, Parent PID: 6014

General

Start time (UTC):	20:17:40
Start date (UTC):	28/12/2024
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	-
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: dbus-run-session PID: 6056, Parent PID: 6014

General

Start time (UTC):	20:17:40
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-run-session
Arguments:	dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-run-session PID: 6057, Parent PID: 6056

General

Start time (UTC):	20:17:40
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-daemon PID: 6057, Parent PID: 6056

General

Start time (UTC):	20:17:40
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	dbus-daemon --nofork --print-address 4 --session
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6072, Parent PID: 6057

General

Start time (UTC):	20:17:45
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6073, Parent PID: 6072

General

Start time (UTC):	20:17:45
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: at-spi-bus-launcher PID: 6073, Parent PID: 6072

General

Start time (UTC):	20:17:45
Start date (UTC):	28/12/2024
Path:	/usr/libexec/at-spi-bus-launcher
Arguments:	/usr/libexec/at-spi-bus-launcher
File size:	27008 bytes
MD5 hash:	1563f274acd4e7ba530a55bdc4c95682

Chronological Activities

Analysis Process: at-spi-bus-launcher PID: 6078, Parent PID: 6073

General

Start time (UTC):	20:17:45
Start date (UTC):	28/12/2024
Path:	/usr/libexec/at-spi-bus-launcher
Arguments:	-
File size:	27008 bytes
MD5 hash:	1563f274acd4e7ba530a55bdc4c95682

Chronological Activities

Analysis Process: dbus-daemon PID: 6078, Parent PID: 6073

General

Start time (UTC):	20:17:45
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6407, Parent PID: 6078

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6408, Parent PID: 6407

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: at-spi2-registryd PID: 6408, Parent PID: 6407

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/libexec/at-spi2-registryd
Arguments:	/usr/libexec/at-spi2-registryd --use-gnome-session
File size:	100224 bytes
MD5 hash:	1d904c2693452edebc7ede3a9e24d440

Chronological Activities

Analysis Process: dbus-daemon PID: 6099, Parent PID: 6057

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6100, Parent PID: 6099

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6100, Parent PID: 6099

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6102, Parent PID: 6057

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6103, Parent PID: 6102

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6103, Parent PID: 6102

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6104, Parent PID: 6057

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6105, Parent PID: 6104

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6105, Parent PID: 6104

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6106, Parent PID: 6057

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6107, Parent PID: 6106

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6107, Parent PID: 6106

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6108, Parent PID: 6057

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6109, Parent PID: 6108

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6109, Parent PID: 6108

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6110, Parent PID: 6057

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6111, Parent PID: 6110

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6111, Parent PID: 6110

General

Start time (UTC):	20:17:47
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6113, Parent PID: 6057

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6114, Parent PID: 6113

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6114, Parent PID: 6113

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6290, Parent PID: 6057

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6291, Parent PID: 6290

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: ibus-portal PID: 6291, Parent PID: 6290

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/ibus-portal
Arguments:	/usr/libexec/ibus-portal
File size:	92536 bytes
MD5 hash:	562ad55bd9a4d54bd7b76746b01e37d3

Chronological Activities

Analysis Process: dbus-daemon PID: 6413, Parent PID: 6057

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6414, Parent PID: 6413

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: gjs PID: 6414, Parent PID: 6413

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/bin/gjs
Arguments:	/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
File size:	23128 bytes
MD5 hash:	5f3eceb792bb65c22f23d1efb4fde3ad

Chronological Activities

Analysis Process: dbus-daemon PID: 6472, Parent PID: 6057

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6473, Parent PID: 6472

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6473, Parent PID: 6472

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-run-session PID: 6058, Parent PID: 6056

General

Start time (UTC):	20:17:41
Start date (UTC):	28/12/2024
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: gnome-session PID: 6058, Parent PID: 6056

General

Start time (UTC):	20:17:41
Start date (UTC):	28/12/2024
Path:	/usr/bin/gnome-session
Arguments:	gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-session-binary PID: 6058, Parent PID: 6056

General

Start time (UTC):	20:17:41
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: gnome-session-binary PID: 6059, Parent PID: 6058

General

Start time (UTC):	20:17:41
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: gnome-session-check-accelerated PID: 6059, Parent PID: 6058

General

Start time (UTC):	20:17:41
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-check-accelerated
Arguments:	/usr/libexec/gnome-session-check-accelerated
File size:	18752 bytes
MD5 hash:	a64839518af85b2b9de31aca27646396

Chronological Activities

Analysis Process: gnome-session-check-accelerated PID: 6079, Parent PID: 6059

General

Start time (UTC):	20:17:46
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-check-accelerated
Arguments:	-
File size:	18752 bytes
MD5 hash:	a64839518af85b2b9de31aca27646396

Chronological Activities

Analysis Process: gnome-session-check-accelerated-gl-helper PID: 6079, Parent PID: 6059

General

Start time (UTC):	20:17:46
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-check-accelerated-gl-helper
Arguments:	/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
File size:	22920 bytes
MD5 hash:	b1ab9a384f9e98a39ae5c36037dd5e78

Chronological Activities

Analysis Process: gnome-session-check-accelerated PID: 6088, Parent PID: 6059

General

Start time (UTC):	20:17:46
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-check-accelerated
Arguments:	-
File size:	18752 bytes
MD5 hash:	a64839518af85b2b9de31aca27646396

Chronological Activities

Analysis Process: gnome-session-check-accelerated-gles-helper PID: 6088, Parent PID: 6059

General

Start time (UTC):	20:17:46
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-check-accelerated-gles-helper
Arguments:	/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
File size:	14728 bytes
MD5 hash:	1bd78885765a18e60c05ed1fb5fa3bf8

Chronological Activities

Analysis Process: gnome-session-binary PID: 6115, Parent PID: 6058

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: session-migration PID: 6115, Parent PID: 6058

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/usr/bin/session-migration
Arguments:	session-migration
File size:	22680 bytes
MD5 hash:	5227af42ebf14ac2fe2acddb002f68dc

Chronological Activities

Analysis Process: gnome-session-binary PID: 6116, Parent PID: 6058

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 6116, Parent PID: 6058

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-shell PID: 6116, Parent PID: 6058

General

Start time (UTC):	20:17:48
Start date (UTC):	28/12/2024
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Chronological Activities

Analysis Process: gnome-shell PID: 6282, Parent PID: 6116

General

Start time (UTC):	20:17:56
Start date (UTC):	28/12/2024
Path:	/usr/bin/gnome-shell
Arguments:	-
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Analysis Process: ibus-daemon PID: 6282, Parent PID: 6116

General

Start time (UTC):	20:17:56
Start date (UTC):	28/12/2024
Path:	/usr/bin/ibus-daemon
Arguments:	ibus-daemon --panel disable --xim
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-daemon PID: 6285, Parent PID: 6282

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-memconf PID: 6285, Parent PID: 6282

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/ibus-memconf
Arguments:	/usr/libexec/ibus-memconf
File size:	22904 bytes
MD5 hash:	523e939905910d06598e66385761a822

Analysis Process: ibus-daemon PID: 6287, Parent PID: 6282

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-daemon PID: 6288, Parent PID: 6287

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-x11 PID: 6288, Parent PID: 1

General

Start time (UTC):	20:17:57
Start date (UTC):	28/12/2024
Path:	/usr/libexec/ibus-x11
Arguments:	/usr/libexec/ibus-x11 --kill-daemon
File size:	100352 bytes
MD5 hash:	2aa1e54666191243814c2733d6992dbd

Analysis Process: ibus-daemon PID: 6451, Parent PID: 6282

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-engine-simple PID: 6451, Parent PID: 6282

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/ibus-engine-simple
Arguments:	/usr/libexec/ibus-engine-simple
File size:	14712 bytes
MD5 hash:	0238866d5e8802a0ce1b1b9af8cb1376

Analysis Process: gnome-session-binary PID: 6431, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6431, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-sharing PID: 6431, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-sharing
Arguments:	/usr/libexec/gsd-sharing
File size:	35424 bytes
MD5 hash:	e29d9025d98590fbb69f89fdbd4438b3

Analysis Process: gnome-session-binary PID: 6433, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6433, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-wacom PID: 6433, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-wacom
Arguments:	/usr/libexec/gsd-wacom
File size:	39520 bytes
MD5 hash:	13778dd1a23a4e94ddc17ac9caa4fcc1

Analysis Process: gnome-session-binary PID: 6435, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6435, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-color PID: 6435, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-color
Arguments:	/usr/libexec/gsd-color
File size:	92832 bytes
MD5 hash:	ac2861ad93ce047283e8e87cefef9a19

Analysis Process: gnome-session-binary PID: 6436, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6436, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-keyboard PID: 6436, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-keyboard
Arguments:	/usr/libexec/gsd-keyboard
File size:	39760 bytes
MD5 hash:	8e288fd17c80bb0a1148b964b2ac2279

Analysis Process: gnome-session-binary PID: 6437, Parent PID: 6058

General

Start time (UTC):	20:18:03
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6437, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-print-notifications PID: 6437, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	/usr/libexec/gsd-print-notifications
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6474, Parent PID: 6437

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	-
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6476, Parent PID: 6474

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	-
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-printer PID: 6476, Parent PID: 1

General

Start time (UTC):	20:18:10
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-printer
Arguments:	/usr/libexec/gsd-printer
File size:	31120 bytes
MD5 hash:	7995828cf98c315fd55f2ffb3b22384d

Analysis Process: gnome-session-binary PID: 6438, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6438, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-rfkill PID: 6438, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-rfkill
Arguments:	/usr/libexec/gsd-rfkill
File size:	51808 bytes
MD5 hash:	88a16a3c0aba1759358c06215ecfb5cc

Analysis Process: gnome-session-binary PID: 6439, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6439, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-smartcard PID: 6439, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-smartcard
Arguments:	/usr/libexec/gsd-smartcard
File size:	109152 bytes
MD5 hash:	ea1fbd7f62e4cd0331eae2ef754ee605

Analysis Process: gnome-session-binary PID: 6441, Parent PID: 6058

General

Start time (UTC):	20:18:04
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6441, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-datetime PID: 6441, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-datetime
Arguments:	/usr/libexec/gsd-datetime
File size:	76736 bytes
MD5 hash:	d80d39745740de37d6634d36e344d4bc

Analysis Process: gnome-session-binary PID: 6444, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6444, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-media-keys PID: 6444, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-media-keys
Arguments:	/usr/libexec/gsd-media-keys
File size:	232936 bytes
MD5 hash:	a425448c135afb4b8bfd79cc0b6b74da

Analysis Process: gnome-session-binary PID: 6445, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6445, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-screensaver-proxy PID: 6445, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-screensaver-proxy
Arguments:	/usr/libexec/gsd-screensaver-proxy
File size:	27232 bytes
MD5 hash:	77e309450c87dceee43f1a9e50cc0d02

Analysis Process: gnome-session-binary PID: 6449, Parent PID: 6058

General

Start time (UTC):	20:18:05
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6449, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-sound PID: 6449, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-sound
Arguments:	/usr/libexec/gsd-sound
File size:	31248 bytes
MD5 hash:	4c7d3fb993463337b4a0eb5c80c760ee

Analysis Process: gnome-session-binary PID: 6453, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6453, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-a11y-settings PID: 6453, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-a11y-settings
Arguments:	/usr/libexec/gsd-a11y-settings
File size:	23056 bytes
MD5 hash:	18e243d2cf30ecee7ea89d1462725c5c

Analysis Process: gnome-session-binary PID: 6455, Parent PID: 6058

General

Start time (UTC):	20:18:06
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6455, Parent PID: 6058

General

Start time (UTC):	20:18:07
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-housekeeping PID: 6455, Parent PID: 6058

General

Start time (UTC):	20:18:07
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-housekeeping
Arguments:	/usr/libexec/gsd-housekeeping
File size:	51840 bytes
MD5 hash:	b55f3394a84976ddb92a2915e5d76914

Analysis Process: gnome-session-binary PID: 6458, Parent PID: 6058

General

Start time (UTC):	20:18:07
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6458, Parent PID: 6058

General

Start time (UTC):	20:18:07
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-power PID: 6458, Parent PID: 6058

General

Start time (UTC):	20:18:07
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gsd-power
Arguments:	/usr/libexec/gsd-power
File size:	88672 bytes
MD5 hash:	28b8e1b43c3e7f1db6741ea1ecd978b7

Analysis Process: gnome-session-binary PID: 6806, Parent PID: 6058

General

Start time (UTC):	20:18:23
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6806, Parent PID: 6058

General

Start time (UTC):	20:18:23
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: spice-vdagent PID: 6806, Parent PID: 6058

General

Start time (UTC):	20:18:23
Start date (UTC):	28/12/2024
Path:	/usr/bin/spice-vdagent
Arguments:	/usr/bin/spice-vdagent
File size:	80664 bytes
MD5 hash:	80fb7f613aa78d1b8a229dbcf4577a9d

Analysis Process: gnome-session-binary PID: 6808, Parent PID: 6058

General

Start time (UTC):	20:18:24
Start date (UTC):	28/12/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6808, Parent PID: 6058

General

Start time (UTC):	20:18:24
Start date (UTC):	28/12/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: xbrlapi PID: 6808, Parent PID: 6058

General

Start time (UTC):	20:18:25
Start date (UTC):	28/12/2024
Path:	/usr/bin/xbrlapi
Arguments:	xbrlapi -q
File size:	166384 bytes
MD5 hash:	0cfe25df39d38af32d6265ed947ca5b9

Analysis Process: gdm3 PID: 5990, Parent PID: 1289

General

Start time (UTC):	20:17:26
Start date (UTC):	28/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Analysis Process: Default PID: 5990, Parent PID: 1289

General

Start time (UTC):	20:17:26
Start date (UTC):	28/12/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gdm3 PID: 6011, Parent PID: 1289

General

Start time (UTC):	20:17:26
Start date (UTC):	28/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Analysis Process: Default PID: 6011, Parent PID: 1289

General

Start time (UTC):	20:17:26
Start date (UTC):	28/12/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: systemd PID: 6138, Parent PID: 1

General

Start time (UTC):	20:17:56
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: systemd-localed PID: 6138, Parent PID: 1

General

Start time (UTC):	20:17:56
Start date (UTC):	28/12/2024
Path:	/lib/systemd/systemd-localed
Arguments:	/lib/systemd/systemd-localed
File size:	43232 bytes
MD5 hash:	1244af9646256d49594f2a8203329aa9

Analysis Process: systemd PID: 6299, Parent PID: 1299

General

Start time (UTC):	20:17:59
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: pulseaudio PID: 6299, Parent PID: 1299

General

Start time (UTC):	20:17:59
Start date (UTC):	28/12/2024
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Analysis Process: systemd PID: 6301, Parent PID: 1

General

Start time (UTC):	20:17:59
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: geoclue PID: 6301, Parent PID: 1

General

Start time (UTC):	20:17:59
Start date (UTC):	28/12/2024
Path:	/usr/libexec/geoclue
Arguments:	/usr/libexec/geoclue
File size:	301544 bytes
MD5 hash:	30ac5455f3c598dde91dc87477fb19f7

Analysis Process: systemd PID: 6411, Parent PID: 1

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: rtkit-daemon PID: 6411, Parent PID: 1

General

Start time (UTC):	20:18:00
Start date (UTC):	28/12/2024
Path:	/usr/libexec/rtkit-daemon
Arguments:	/usr/libexec/rtkit-daemon
File size:	68096 bytes
MD5 hash:	df0cacf1db4ec95ac70f5b6e06b8ffd7

Analysis Process: systemd PID: 6477, Parent PID: 1

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: systemd-hostnamed PID: 6477, Parent PID: 1

General

Start time (UTC):	20:18:09
Start date (UTC):	28/12/2024
Path:	/lib/systemd/systemd-hostnamed
Arguments:	/lib/systemd/systemd-hostnamed
File size:	35040 bytes
MD5 hash:	2cc8a5576629a2d5bd98e49a4b8bef65

Analysis Process: systemd PID: 6676, Parent PID: 1

General

Start time (UTC):	20:18:20
Start date (UTC):	28/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: fprintd PID: 6676, Parent PID: 1

General

Start time (UTC):	20:18:20
Start date (UTC):	28/12/2024
Path:	/usr/libexec/fprintd
Arguments:	/usr/libexec/fprintd
File size:	125312 bytes
MD5 hash:	b0d8829f05cd028529b84b061b660e84

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report x86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/proc/5965/oom_score_adj

/proc/5968/oom_score_adj

/proc/5970/oom_score_adj

/proc/5972/oom_score_adj

/proc/5974/oom_score_adj

/proc/5976/oom_score_adj

/proc/5979/oom_score_adj

/proc/6073/oom_score_adj

/proc/6100/oom_score_adj

/proc/6103/oom_score_adj

/proc/6105/oom_score_adj

/proc/6107/oom_score_adj

/proc/6109/oom_score_adj

/proc/6111/oom_score_adj

/proc/6114/oom_score_adj

/proc/6291/oom_score_adj

/proc/6408/oom_score_adj

/proc/6414/oom_score_adj

/proc/6473/oom_score_adj

/run/user/127/ICEauthority

/run/user/127/dconf/user

/run/user/127/gdm/Xauthority

/run/user/127/pulse/pid

/tmp/server-0.xkm

/var/lib/AccountsService/users/gdm.464LZ2

/var/lib/AccountsService/users/gdm.GEKZZ2

/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0

/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

Linux Analysis Report
x86_64.elf