Edit tour

Linux Analysis Report
wrjkngh4.elf

Overview

General Information

Sample name:	wrjkngh4.elf
Analysis ID:	1585051
MD5:	ba0dff6489cdd0b797968fe5e7d4dba1
SHA1:	84e6f3cbf9c7be24def18289c8600fc52f83a52e
SHA256:	b6d784ecc666b8316490eaffc564e994685f2b52f3516734ca8fe665c82c0c35
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Reads system files that contain records of logged in users

Sample deletes itself

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Sends malformed DNS queries

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Found strings indicative of a multi-platform dropper

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads system version information

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585051
Start date and time:	2025-01-07 01:22:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	wrjkngh4.elf
Detection:	MAL
Classification:	mal68.spre.troj.evad.linELF@0/178@116/0

Warnings

Connection to analysis system has been lost, crash info: Unknown
Report size exceeded maximum capacity and may have missing behavior information.
VT rate limit hit for: http://wiki.x.org
VT rate limit hit for: https://www.rsyslog.com

Runtime Messages

Command:	/tmp/wrjkngh4.elf
PID:	5817
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

wrjkngh4.elf (PID: 5817, Parent: 5745, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/wrjkngh4.elf

wrjkngh4.elf New Fork (PID: 5820, Parent: 5817)

wrjkngh4.elf New Fork (PID: 5822, Parent: 5820)

gnome-session-binary New Fork (PID: 5824, Parent: 1498)

sh (PID: 5824, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

gsd-rfkill (PID: 5824, Parent: 1498, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill

systemd New Fork (PID: 5859, Parent: 1)

dbus-daemon (PID: 5859, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

gvfsd-fuse New Fork (PID: 5860, Parent: 3210)

fusermount (PID: 5860, Parent: 3210, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 5861, Parent: 3044)

pulseaudio (PID: 5861, Parent: 3044, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 5862, Parent: 1)

rsyslogd (PID: 5862, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 5863, Parent: 1)

dbus-daemon (PID: 5863, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5867, Parent: 1)

rsyslogd (PID: 5867, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 5877, Parent: 1)

systemd-logind (PID: 5877, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind

systemd New Fork (PID: 5936, Parent: 1)

agetty (PID: 5936, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux

gdm3 New Fork (PID: 5937, Parent: 1333)

Default (PID: 5937, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5938, Parent: 1333)

Default (PID: 5938, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5939, Parent: 1333)

Default (PID: 5939, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5940, Parent: 1)

dbus-daemon (PID: 5940, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5941, Parent: 1)

agetty (PID: 5941, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux

systemd New Fork (PID: 5942, Parent: 1)

rsyslogd (PID: 5942, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 5943, Parent: 1)

gpu-manager (PID: 5943, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5944, Parent: 5943)

sh (PID: 5944, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5945, Parent: 5944)

grep (PID: 5945, Parent: 5944, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 5949, Parent: 5943)

sh (PID: 5949, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 5950, Parent: 5949)

grep (PID: 5950, Parent: 5949, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 5951, Parent: 5943)

sh (PID: 5951, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5952, Parent: 5951)

grep (PID: 5952, Parent: 5951, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 5953, Parent: 5943)

sh (PID: 5953, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 5954, Parent: 5953)

grep (PID: 5954, Parent: 5953, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 5955, Parent: 5943)

sh (PID: 5955, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5956, Parent: 5955)

grep (PID: 5956, Parent: 5955, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6018, Parent: 5943)

sh (PID: 6018, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6019, Parent: 6018)

grep (PID: 6019, Parent: 6018, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6023, Parent: 5943)

sh (PID: 6023, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6024, Parent: 6023)

grep (PID: 6024, Parent: 6023, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6087, Parent: 5943)

sh (PID: 6087, Parent: 5943, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6088, Parent: 6087)

grep (PID: 6088, Parent: 6087, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

systemd New Fork (PID: 5959, Parent: 1)

systemd-logind (PID: 5959, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind

systemd New Fork (PID: 6022, Parent: 1)

journalctl (PID: 6022, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 6027, Parent: 1)

systemd-logind (PID: 6027, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind

systemd New Fork (PID: 6037, Parent: 1)

systemd-journald (PID: 6037, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6089, Parent: 1)

rsyslogd (PID: 6089, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6090, Parent: 1)

dbus-daemon (PID: 6090, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6094, Parent: 1)

generate-config (PID: 6094, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6095, Parent: 6094)

pkill (PID: 6095, Parent: 6094, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6096, Parent: 1)

gdm-wait-for-drm (PID: 6096, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm

systemd New Fork (PID: 6097, Parent: 1)

journalctl (PID: 6097, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush

systemd New Fork (PID: 6103, Parent: 1)

gdm3 (PID: 6103, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3

gdm3 New Fork (PID: 6106, Parent: 6103)

plymouth (PID: 6106, Parent: 6103, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping

gdm3 New Fork (PID: 6122, Parent: 6103)

gdm-session-worker (PID: 6122, Parent: 6103, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"

gdm-session-worker New Fork (PID: 6126, Parent: 6122)

gdm-wayland-session (PID: 6126, Parent: 6122, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

gdm-wayland-session New Fork (PID: 6130, Parent: 6126)

dbus-run-session (PID: 6130, Parent: 6126, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

dbus-run-session New Fork (PID: 6131, Parent: 6130)

dbus-daemon (PID: 6131, Parent: 6130, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session

dbus-daemon New Fork (PID: 6135, Parent: 6131)

dbus-daemon New Fork (PID: 6136, Parent: 6135)

false (PID: 6136, Parent: 6135, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6138, Parent: 6131)

dbus-daemon New Fork (PID: 6139, Parent: 6138)

false (PID: 6139, Parent: 6138, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6140, Parent: 6131)

dbus-daemon New Fork (PID: 6141, Parent: 6140)

false (PID: 6141, Parent: 6140, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6142, Parent: 6131)

dbus-daemon New Fork (PID: 6143, Parent: 6142)

false (PID: 6143, Parent: 6142, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6144, Parent: 6131)

dbus-daemon New Fork (PID: 6145, Parent: 6144)

false (PID: 6145, Parent: 6144, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6146, Parent: 6131)

dbus-daemon New Fork (PID: 6147, Parent: 6146)

false (PID: 6147, Parent: 6146, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6151, Parent: 6131)

dbus-daemon New Fork (PID: 6152, Parent: 6151)

false (PID: 6152, Parent: 6151, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-run-session New Fork (PID: 6132, Parent: 6130)

gnome-session (PID: 6132, Parent: 6130, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary (PID: 6132, Parent: 6130, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary New Fork (PID: 6153, Parent: 6132)

session-migration (PID: 6153, Parent: 6132, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration

gnome-session-binary New Fork (PID: 6154, Parent: 6132)

sh (PID: 6154, Parent: 6132, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 6154, Parent: 6132, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gdm3 New Fork (PID: 6160, Parent: 6103)

gdm-session-worker (PID: 6160, Parent: 6103, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"

gdm-session-worker New Fork (PID: 6165, Parent: 6160)

gdm-x-session (PID: 6165, Parent: 6160, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

gdm-x-session New Fork (PID: 6169, Parent: 6165)

Xorg (PID: 6169, Parent: 6165, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

Xorg.wrap (PID: 6169, Parent: 6165, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

Xorg (PID: 6169, Parent: 6165, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

Xorg New Fork (PID: 6176, Parent: 6169)

sh (PID: 6176, Parent: 6169, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""

sh New Fork (PID: 6177, Parent: 6176)

xkbcomp (PID: 6177, Parent: 6176, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

Xorg New Fork (PID: 6401, Parent: 6169)

sh (PID: 6401, Parent: 6169, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""

sh New Fork (PID: 6402, Parent: 6401)

xkbcomp (PID: 6402, Parent: 6401, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

gdm-x-session New Fork (PID: 6182, Parent: 6165)

Default (PID: 6182, Parent: 6165, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default

gdm-x-session New Fork (PID: 6183, Parent: 6165)

dbus-run-session (PID: 6183, Parent: 6165, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

dbus-run-session New Fork (PID: 6184, Parent: 6183)

dbus-daemon (PID: 6184, Parent: 6183, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session

dbus-daemon New Fork (PID: 6197, Parent: 6184)

dbus-daemon New Fork (PID: 6198, Parent: 6197)

at-spi-bus-launcher (PID: 6198, Parent: 6197, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher

at-spi-bus-launcher New Fork (PID: 6203, Parent: 6198)

dbus-daemon (PID: 6203, Parent: 6198, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3

dbus-daemon New Fork (PID: 6566, Parent: 6203)

dbus-daemon New Fork (PID: 6567, Parent: 6566)

at-spi2-registryd (PID: 6567, Parent: 6566, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session

dbus-daemon New Fork (PID: 6224, Parent: 6184)

dbus-daemon New Fork (PID: 6225, Parent: 6224)

false (PID: 6225, Parent: 6224, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6227, Parent: 6184)

dbus-daemon New Fork (PID: 6228, Parent: 6227)

false (PID: 6228, Parent: 6227, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6229, Parent: 6184)

dbus-daemon New Fork (PID: 6230, Parent: 6229)

false (PID: 6230, Parent: 6229, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6231, Parent: 6184)

dbus-daemon New Fork (PID: 6232, Parent: 6231)

false (PID: 6232, Parent: 6231, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6233, Parent: 6184)

dbus-daemon New Fork (PID: 6234, Parent: 6233)

false (PID: 6234, Parent: 6233, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6235, Parent: 6184)

dbus-daemon New Fork (PID: 6236, Parent: 6235)

false (PID: 6236, Parent: 6235, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6238, Parent: 6184)

dbus-daemon New Fork (PID: 6239, Parent: 6238)

false (PID: 6239, Parent: 6238, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-daemon New Fork (PID: 6403, Parent: 6184)

dbus-daemon New Fork (PID: 6404, Parent: 6403)

ibus-portal (PID: 6404, Parent: 6403, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal

dbus-daemon New Fork (PID: 6579, Parent: 6184)

dbus-daemon New Fork (PID: 6580, Parent: 6579)

gjs (PID: 6580, Parent: 6579, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications

dbus-daemon New Fork (PID: 6773, Parent: 6184)

dbus-daemon New Fork (PID: 6774, Parent: 6773)

false (PID: 6774, Parent: 6773, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

dbus-run-session New Fork (PID: 6185, Parent: 6183)

gnome-session (PID: 6185, Parent: 6183, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary (PID: 6185, Parent: 6183, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

gnome-session-binary New Fork (PID: 6186, Parent: 6185)

gnome-session-check-accelerated (PID: 6186, Parent: 6185, MD5: a64839518af85b2b9de31aca27646396) Arguments: /usr/libexec/gnome-session-check-accelerated

gnome-session-check-accelerated New Fork (PID: 6204, Parent: 6186)

gnome-session-check-accelerated-gl-helper (PID: 6204, Parent: 6186, MD5: b1ab9a384f9e98a39ae5c36037dd5e78) Arguments: /usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer

gnome-session-check-accelerated New Fork (PID: 6213, Parent: 6186)

gnome-session-check-accelerated-gles-helper (PID: 6213, Parent: 6186, MD5: 1bd78885765a18e60c05ed1fb5fa3bf8) Arguments: /usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer

gnome-session-binary New Fork (PID: 6240, Parent: 6185)

session-migration (PID: 6240, Parent: 6185, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration

gnome-session-binary New Fork (PID: 6241, Parent: 6185)

sh (PID: 6241, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 6241, Parent: 6185, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gnome-shell New Fork (PID: 6357, Parent: 6241)

ibus-daemon (PID: 6357, Parent: 6241, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim

ibus-daemon New Fork (PID: 6397, Parent: 6357)

ibus-memconf (PID: 6397, Parent: 6357, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf

ibus-daemon New Fork (PID: 6398, Parent: 6357)

ibus-daemon New Fork (PID: 6399, Parent: 6398)

ibus-x11 (PID: 6399, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon

ibus-daemon New Fork (PID: 6622, Parent: 6357)

ibus-engine-simple (PID: 6622, Parent: 6357, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple

gnome-session-binary New Fork (PID: 6596, Parent: 6185)

sh (PID: 6596, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gsd-sharing (PID: 6596, Parent: 6185, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing

gnome-session-binary New Fork (PID: 6598, Parent: 6185)

sh (PID: 6598, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom

gsd-wacom (PID: 6598, Parent: 6185, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom

gnome-session-binary New Fork (PID: 6600, Parent: 6185)

sh (PID: 6600, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color

gsd-color (PID: 6600, Parent: 6185, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color

gnome-session-binary New Fork (PID: 6601, Parent: 6185)

sh (PID: 6601, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard

gsd-keyboard (PID: 6601, Parent: 6185, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard

gnome-session-binary New Fork (PID: 6602, Parent: 6185)

sh (PID: 6602, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gsd-print-notifications (PID: 6602, Parent: 6185, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications

gsd-print-notifications New Fork (PID: 6775, Parent: 6602)

gsd-print-notifications New Fork (PID: 6776, Parent: 6775)

gsd-printer (PID: 6776, Parent: 1, MD5: 7995828cf98c315fd55f2ffb3b22384d) Arguments: /usr/libexec/gsd-printer

gnome-session-binary New Fork (PID: 6604, Parent: 6185)

sh (PID: 6604, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

gsd-rfkill (PID: 6604, Parent: 6185, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill

gnome-session-binary New Fork (PID: 6605, Parent: 6185)

sh (PID: 6605, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard

gsd-smartcard (PID: 6605, Parent: 6185, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard

gnome-session-binary New Fork (PID: 6608, Parent: 6185)

sh (PID: 6608, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime

gsd-datetime (PID: 6608, Parent: 6185, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime

gnome-session-binary New Fork (PID: 6609, Parent: 6185)

sh (PID: 6609, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys

gsd-media-keys (PID: 6609, Parent: 6185, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys

gnome-session-binary New Fork (PID: 6610, Parent: 6185)

sh (PID: 6610, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy

gsd-screensaver-proxy (PID: 6610, Parent: 6185, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy

gnome-session-binary New Fork (PID: 6612, Parent: 6185)

sh (PID: 6612, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound

gsd-sound (PID: 6612, Parent: 6185, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound

gnome-session-binary New Fork (PID: 6617, Parent: 6185)

sh (PID: 6617, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings

gsd-a11y-settings (PID: 6617, Parent: 6185, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings

gnome-session-binary New Fork (PID: 6620, Parent: 6185)

sh (PID: 6620, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping

gsd-housekeeping (PID: 6620, Parent: 6185, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping

gnome-session-binary New Fork (PID: 6624, Parent: 6185)

sh (PID: 6624, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power

gsd-power (PID: 6624, Parent: 6185, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power

gnome-session-binary New Fork (PID: 6951, Parent: 6185)

sh (PID: 6951, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent

spice-vdagent (PID: 6951, Parent: 6185, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent

gnome-session-binary New Fork (PID: 6998, Parent: 6185)

sh (PID: 6998, Parent: 6185, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q

xbrlapi (PID: 6998, Parent: 6185, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q

gdm3 New Fork (PID: 6161, Parent: 6103)

Default (PID: 6161, Parent: 6103, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6162, Parent: 6103)

Default (PID: 6162, Parent: 6103, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6107, Parent: 1)

accounts-daemon (PID: 6107, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon

accounts-daemon New Fork (PID: 6111, Parent: 6107)

language-validate (PID: 6111, Parent: 6107, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8

language-validate New Fork (PID: 6112, Parent: 6111)

language-options (PID: 6112, Parent: 6111, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options

language-options New Fork (PID: 6113, Parent: 6112)

sh (PID: 6113, Parent: 6112, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "

sh New Fork (PID: 6114, Parent: 6113)

locale (PID: 6114, Parent: 6113, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a

sh New Fork (PID: 6115, Parent: 6113)

grep (PID: 6115, Parent: 6113, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8

systemd New Fork (PID: 6118, Parent: 1)

polkitd (PID: 6118, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug

systemd New Fork (PID: 6128, Parent: 1431)

dbus-daemon (PID: 6128, Parent: 1431, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6263, Parent: 1)

systemd-localed (PID: 6263, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed

systemd New Fork (PID: 6411, Parent: 1)

upowerd (PID: 6411, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd

systemd New Fork (PID: 6451, Parent: 1431)

pulseaudio (PID: 6451, Parent: 1431, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 6456, Parent: 1)

geoclue (PID: 6456, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue

systemd New Fork (PID: 6564, Parent: 1)

rtkit-daemon (PID: 6564, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon

systemd New Fork (PID: 6575, Parent: 1)

wpa_supplicant (PID: 6575, Parent: 1, MD5: 2a5acf2a7a908a1388a09991ed7881e1) Arguments: /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

systemd New Fork (PID: 6576, Parent: 1)

avahi-daemon (PID: 6576, Parent: 1, MD5: 0125e88392fec809934928f8638511ff) Arguments: /usr/sbin/avahi-daemon -s

avahi-daemon New Fork (PID: 6581, Parent: 6576)

systemd New Fork (PID: 6577, Parent: 1)

packagekitd (PID: 6577, Parent: 1, MD5: 46b0c31f013b71a0eb63b1c040f11c86) Arguments: /usr/lib/packagekit/packagekitd

packagekitd New Fork (PID: 6603, Parent: 6577)

dpkg (PID: 6603, Parent: 6577, MD5: 5e18156b434fc45062eec2f28b9147be) Arguments: /usr/bin/dpkg --print-foreign-architectures

systemd New Fork (PID: 6639, Parent: 1)

systemd-hostnamed (PID: 6639, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed

systemd New Fork (PID: 6810, Parent: 1)

colord (PID: 6810, Parent: 1, MD5: 70861d1b2818c9279cd4a5c9035dac1f) Arguments: /usr/libexec/colord

colord New Fork (PID: 6999, Parent: 6810)

colord-sane (PID: 6999, Parent: 6810, MD5: 5f98d754a07bf1385c3ff001cde3882e) Arguments: /usr/libexec/colord-sane

systemd New Fork (PID: 6822, Parent: 1)

fprintd (PID: 6822, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd

systemd New Fork (PID: 6954, Parent: 1)

ModemManager (PID: 6954, Parent: 1, MD5: 24379bf705a8ff3b2379314585843d4f) Arguments: /usr/sbin/ModemManager --filter-policy=strict

systemd New Fork (PID: 6989, Parent: 3044)

dbus-daemon (PID: 6989, Parent: 3044, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6990, Parent: 3044)

pulseaudio (PID: 6990, Parent: 3044, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: wrjkngh4.elf	Virustotal: Detection: 31%			Perma Link
Source: wrjkngh4.elf	ReversingLabs: Detection: 31%

Source: /usr/bin/pkill (PID: 6095)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6186)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6204)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6213)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/gnome-shell (PID: 6241)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6451)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6990)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: wrjkngh4.elf

String: AEOF/proc//proc/%s/cmdlinewgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Networking

Sends malformed DNS queries

Source: global traffic

DNS traffic detected: malformed DNS query: fingwi.cardiacpure.ru. [malformed]

Source: global traffic	TCP traffic: 192.168.2.15:39064 -> 178.215.238.112:33966
Source: global traffic	TCP traffic: 192.168.2.15:37436 -> 89.190.156.145:7733

Source: /usr/sbin/rsyslogd (PID: 5862)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5867)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5942)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6089)	Reads hosts file: /etc/hosts	Jump to behavior

Source: /lib/systemd/systemd-journald (PID: 6037)	Socket: unknown address family	Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6103)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6131)	Socket: unknown address family	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 6132)	Socket: unknown address family	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6203)	Socket: unknown address family	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 6185)	Socket: unknown address family
Source: /usr/bin/ibus-daemon (PID: 6357)	Socket: unknown address family

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic	DNS traffic detected: DNS query: fingwi.cardiacpure.ru
Source: global traffic	DNS traffic detected: DNS query: fingwi.cardiacpure.ru. [malformed]

Source: syslog.89.dr, Xorg.0.log.168.dr	String found in binary or memory: http://wiki.x.org
Source: syslog.89.dr, Xorg.0.log.168.dr	String found in binary or memory: http://www.ubuntu.com/support)
Source: syslog.89.dr, syslog.21.dr, syslog.45.dr, syslog.29.dr	String found in binary or memory: https://www.rsyslog.com

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1679, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5824, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 724, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 779, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 782, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 789, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 796, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1333, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1440, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1497, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1617, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3060, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3157, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3220, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5801, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5802, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5859, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5860, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5861, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5862, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5863, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5867, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5936, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 766, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3044, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5662, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5831, result: no such process	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5940, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5942, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5959, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	SIGKILL sent: pid: 6197, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	SIGKILL sent: pid: 6403, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	SIGKILL sent: pid: 6579, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6203)	SIGKILL sent: pid: 6566, result: successful	Jump to behavior

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1679, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5824, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 724, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 779, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 782, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 789, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 796, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1333, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1440, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1497, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1617, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3060, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3157, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3220, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5801, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5802, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5859, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5860, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5861, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5862, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5863, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5867, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5936, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 766, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 3044, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5662, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5831, result: no such process	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5940, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5942, result: successful	Jump to behavior
Source: /tmp/wrjkngh4.elf (PID: 5822)	SIGKILL sent: pid: 5959, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	SIGKILL sent: pid: 6197, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	SIGKILL sent: pid: 6403, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	SIGKILL sent: pid: 6579, result: successful	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6203)	SIGKILL sent: pid: 6566, result: successful	Jump to behavior

Source: classification engine

Classification label: mal68.spre.troj.evad.linELF@0/178@116/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 5859)	File: /proc/5859/mounts	Jump to behavior
Source: /bin/fusermount (PID: 5860)	File: /proc/5860/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5863)	File: /proc/5863/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5940)	File: /proc/5940/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6090)	File: /proc/6090/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6131)	File: /proc/6131/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6184)	File: /proc/6184/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6203)	File: /proc/6203/mounts	Jump to behavior
Source: /usr/bin/gjs (PID: 6580)	File: /proc/6580/mounts	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6241)	File: /proc/6241/mounts
Source: /usr/bin/dbus-daemon (PID: 6128)	File: /proc/6128/mounts
Source: /usr/bin/dbus-daemon (PID: 6989)	File: /proc/6989/mounts

Source: /lib/systemd/systemd-logind (PID: 5877)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5877)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5877)	File: /run/systemd/seats/.#seat0MtUH9z	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat0xedaTU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127cCvMoW	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127uyXbPT	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (20)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (19)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat05fbkJT	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127yM2R9T	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c1MPza4T	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127fdPkGX	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat0NU8aCW	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127DsGOTU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c1IbjgUW	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c1iFJTFW	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127qOOfcV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c1RiBl4W	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c1WkmD2W	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c1c6aFKT	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127i6waaX	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat0UuhBRX	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#1272TpeWX	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat0GmdeZT	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127sLSS5T	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat0OWOQ3V	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#1271MJ02X	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2aZmXGU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127QKzkVU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/seats/.#seat0nLvTmV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c20iX0EU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2zc2NTV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/users/.#127PJk1HU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2UrlunW	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (21)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (20)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2DNitVV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (22)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (21)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2oyj4QV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (23)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (22)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2Ld5ZvW	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (24)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	Directory: <invalid fd (23)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/sessions/.#c2D9KviY	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/inhibit/.#1QmNHhV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/inhibit/.#2D8962X	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/inhibit/.#3j9WrNV	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/inhibit/.#4xiH8fU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6027)	File: /run/systemd/inhibit/.#5hQgS0U	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:65402uG00FF	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:65403GqpgOG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:65404Wg979H	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:65416p9kP3I	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:654183OFYnG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:65419K5BFfH	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:654943X8D6H	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:65501RFgl1E	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66184VoRIcJ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:666437pLUCI	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66644wXBzTI	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66653k0dklH	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66654vjMjbF	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:662554vRSbJ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66282B8xOGG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:663774UXitH	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:663794YwBpG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66422850WKH	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66424Cb3HWG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66463vid9WE	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:664693mVV5G	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:66828rRECnG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67015sda7XE	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:670172VEOJI	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67608X8v6aH	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67738iAiGMG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67739bTBgjG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67979H5zDHE	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:6798061RgWH	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67284CUTp7F	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67293kxW28E	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67303ya20CE	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67336l3ekoG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:673375f9wYG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67358qAG1XE	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67360lKqlbF	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67361zXQKuG	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:673626ZfWqI	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67363mO2xPI	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67364HoZkLI	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67365MhKx8E	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File: /run/systemd/journal/streams/.#9:67366G2JtPH	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6154)	Directory: <invalid fd (11)>/..	Jump to behavior
Source: /usr/bin/gnome-shell (PID: 6154)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Directory: <invalid fd (23)>/..	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Directory: <invalid fd (22)>/..	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6186)	Directory: /var/lib/gdm3/.drirc
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6186)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6186)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6204)	Directory: /var/lib/gdm3/.drirc
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6213)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6213)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6213)	Directory: /var/lib/gdm3/.drirc
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: /var/lib/gdm3/.drirc
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: <invalid fd (12)>/..
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: <invalid fd (11)>/..
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: <invalid fd (14)>/..
Source: /usr/bin/gnome-shell (PID: 6241)	Directory: <invalid fd (13)>/..
Source: /usr/libexec/ibus-x11 (PID: 6399)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/ibus-x11 (PID: 6399)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-wacom (PID: 6598)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-wacom (PID: 6598)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-color (PID: 6600)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-color (PID: 6600)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-keyboard (PID: 6601)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-keyboard (PID: 6601)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-rfkill (PID: 6604)	Directory: <invalid fd (9)>/..
Source: /usr/libexec/gsd-rfkill (PID: 6604)	Directory: <invalid fd (8)>/..
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale/en_US.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale/en_US.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale/en_US/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale/en.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale/en.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale/en/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale-langpack/en_US/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale-langpack/en.utf8/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Directory: /usr/share/locale-langpack/en/LC_MESSAGES/.mo
Source: /usr/libexec/gsd-power (PID: 6624)	Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gsd-power (PID: 6624)	Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6107)	Directory: /var/lib/gdm3/.pam_environment
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6107)	Directory: /root/.cache
Source: /usr/lib/policykit-1/polkitd (PID: 6118)	Directory: /root/.cache
Source: /usr/lib/upower/upowerd (PID: 6411)	Directory: <invalid fd (12)>/..
Source: /usr/lib/upower/upowerd (PID: 6411)	Directory: <invalid fd (11)>/..
Source: /usr/lib/packagekit/packagekitd (PID: 6577)	Directory: /root/.cache
Source: /lib/systemd/systemd-hostnamed (PID: 6639)	Directory: <invalid fd (10)>/..
Source: /usr/libexec/colord (PID: 6810)	Directory: /var/lib/colord/.cache
Source: /usr/sbin/ModemManager (PID: 6954)	Directory: <invalid fd (12)>/..
Source: /usr/sbin/ModemManager (PID: 6954)	Directory: <invalid fd (11)>/..

Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6131/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6132/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6154/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6575/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6577/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6037/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6037/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6037/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6037/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6037/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6037/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6213/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6576/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	File opened: /proc/6090/cgroup	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 5944)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5949)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5951)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5953)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5955)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6018)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6023)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6087)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6176)	Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6401)	Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""	Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 6113)	Shell command executed: sh -c "locale -a \| grep -F .utf8 "

Source: /bin/sh (PID: 5945)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5950)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5952)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5954)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5956)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6019)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6024)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6088)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6115)	Grep executable: /usr/bin/grep -> grep -F .utf8

Source: /usr/share/gdm/generate-config (PID: 6095)

Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Jump to behavior

Source: /lib/systemd/systemd-journald (PID: 6037)

Reads from proc file: /proc/meminfo

Jump to behavior

Source: /sbin/agetty (PID: 5936)	Reads version info: /etc/issue			Jump to behavior
Source: /sbin/agetty (PID: 5941)	Reads version info: /etc/issue			Jump to behavior

Source: /usr/sbin/gdm3 (PID: 6103)	File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)	Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6103)	File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6107)	File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6107)	File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)

Source: /usr/sbin/rsyslogd (PID: 5862)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5867)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5867)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5942)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5943)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6089)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6089)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/lib/xorg/Xorg (PID: 6169)	Log file created: /var/log/Xorg.0.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/wrjkngh4.elf (PID: 5820)

File: /tmp/wrjkngh4.elf

Jump to behavior

Source: /usr/bin/gpu-manager (PID: 5943)	Truncated file: /var/log/gpu-manager.log			Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Truncated file: /var/log/Xorg.pid-6169.log			Jump to behavior

Source: /usr/bin/pkill (PID: 6095)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6186)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6204)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6213)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/gnome-shell (PID: 6241)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6451)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6990)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: /tmp/wrjkngh4.elf (PID: 5822)

Sleeps longer then 60s: 300.0s

Jump to behavior

Source: /tmp/wrjkngh4.elf (PID: 5817)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5862)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5867)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 5936)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 5941)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5942)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5943)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6037)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6089)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6122)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 6132)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6160)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-x-session (PID: 6165)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6169)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/at-spi-bus-launcher (PID: 6198)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/at-spi2-registryd (PID: 6567)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/libexec/gnome-session-binary (PID: 6185)	Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6186)	Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6204)	Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6213)	Queries kernel information via 'uname':
Source: /usr/bin/gnome-shell (PID: 6241)	Queries kernel information via 'uname':
Source: /usr/libexec/ibus-x11 (PID: 6399)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-wacom (PID: 6598)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-color (PID: 6600)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-keyboard (PID: 6601)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-smartcard (PID: 6605)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-media-keys (PID: 6609)	Queries kernel information via 'uname':
Source: /usr/libexec/gsd-power (PID: 6624)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6451)	Queries kernel information via 'uname':
Source: /usr/sbin/avahi-daemon (PID: 6576)	Queries kernel information via 'uname':
Source: /usr/lib/packagekit/packagekitd (PID: 6577)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-hostnamed (PID: 6639)	Queries kernel information via 'uname':
Source: /usr/libexec/colord-sane (PID: 6999)	Queries kernel information via 'uname':
Source: /usr/libexec/fprintd (PID: 6822)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6990)	Queries kernel information via 'uname':

Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:15 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.200] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x400"x85.1 31.50 640 672 736 832 400 401 404 445 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.984] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.763] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.922] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.565] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.802] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.452] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.106] (--) vmware(0): pbase: 0xe8000000
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.990] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.055] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.262] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 213.328] (II) vmware(0): Initialized VMware Xv extension successfully.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.431] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.346] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.799] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.519] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.935] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.129] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x360"x59.3 17.75 640 688 720 800 360 363 368 374 +hsync -vsync (22.2 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.403] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.713] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.287] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.709] (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.546] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.716] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.559] (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:15 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) Matched vmware as autoconfigured driver 0
Source: wrjkngh4.elf, 5817.1.00007ffe7d973000.00007ffe7d994000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.955] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.151] (--) vmware(0): w.blu: 8
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.422] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.673] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.909] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.643] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.585] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:15 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) LoadModule: "vmware"
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.904] (II) vmware(0): Not using default mode "720x405" (monitor doesn't support reduced blanking)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x75.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.617] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.965] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.308] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 208.586] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.410] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.289] (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.560] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (WW) vmware(0): Disabling 3D support.
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (WW) vmware(0): Disabling Render Acceleration.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.180] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.523] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.936] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.504] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Clock range: 0.00 to 400000.00 MHz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.184] (==) vmware(0): Default visual is TrueColor
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.146] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.971] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.132] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.640] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.318] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.307] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: message repeated 4 times: [ (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)]
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.010] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.375] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.876] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.702] (**) vmware(0): Default mode "1024x576": 46.5 MHz, 35.9 kHz, 59.9 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.997] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.143] (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x75.0 104.99 1152 1224 1352 1552 864 865 868 902 -hsync +vsync (67.6 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.039] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: message repeated 3 times: [ (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)]
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "800x600"x56.2 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.735] (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.809] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): vis: 4
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (WW) vmware(0): Disabling RandR12+ support.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.830] (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.093] (--) vmware(0): bpp: 32
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.047] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.884] (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.623] (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.916] (II) vmware(0): Modeline "720x400"x85.0 35.50 720 756 828 936 400 401 404 446 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.605] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.591] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x480"x72.8 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.313] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.492] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.278] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.753] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: wrjkngh4.elf, 5817.1.000055ad55fce000.000055ad56031000.rw-.sdmp	Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.834] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x360"x59.8 18.00 640 664 720 800 360 363 368 376 -hsync +vsync (22.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.548] (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.539] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.771] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "720x405" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.076] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.173] (==) vmware(0): RGB weight 888
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.210] (II) vmware(0): Clock range: 0.00 to 400000.00 MHz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.988] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.069] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.464] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.100] (--) vmware(0): vram: 4194304
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.415] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.243] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.916] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: message repeated 5 times: [ (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)]
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.855] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.857] (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1024x576" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.454] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 213.320] (==) vmware(0): Silken mouse enabled
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.922] (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.633] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.166] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.417] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.626] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.231] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.871] (II) vmware(0): Modeline "640x480"x72.8 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.688] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.316] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.578] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.500] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "960x540" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.555] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "800x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.959] (II) vmware(0): Not using default mode "1024x576" (monitor doesn't support reduced blanking)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.848] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.726] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "720x400"x85.0 35.50 720 756 828 936 400 401 404 446 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.656] (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): bpp: 32
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.680] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.162] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 9)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 9)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.113] (--) vmware(0): mwidt: 1176
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): w.grn: 8
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.553] (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): vram: 4194304
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.139] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:16 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.470] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 208.846] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.868] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.424] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: wrjkngh4.elf, 5817.1.00007ffe7d973000.00007ffe7d994000.rw-.sdmp	Binary or memory string: sx86_64/usr/bin/qemu-sh4/tmp/wrjkngh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/wrjkngh4.elf
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.996] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:16 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Creating default Display subsection in Screen section
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.368] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.894] (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.085] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: wrjkngh4.elf, 5817.1.000055ad55fce000.000055ad56031000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.506] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 213.230] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: message repeated 3 times: [ (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)]
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.783] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.239] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): depth: 24
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.570] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.003] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.145] (--) vmware(0): w.grn: 8
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.863] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.977] (==) vmware(0): DPI set to (96, 96)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.365] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.030] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): w.red: 8
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.173] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.324] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.630] (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.191] (==) vmware(0): Using HW cursor
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.485] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.699] (II) vmware(0): Not using default mode "800x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.118] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.132] (--) vmware(0): bpp: 32
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.207] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.970] (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.850] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 210.766] (WW) vmware(0): Disabling RandR12+ support.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.197] (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.283] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.653] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (EE) vmware(0): Failed to open drm.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.483] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.339] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.247] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.820] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.253] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.910] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 210.729] (EE) vmware(0): Failed to open drm.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.474] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 208.531] (==) Matched vmware as autoconfigured driver 0
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.874] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.353] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.764] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.816] (II) vmware(0): Modeline "800x600"x56.2 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.429] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 210.773] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.898] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.264] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.158] (--) vmware(0): vis: 4
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.095] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.773] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1024x576": 46.5 MHz, 35.9 kHz, 59.9 Hz
Source: wrjkngh4.elf, 5817.1.00007ffe7d973000.00007ffe7d994000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.n4tOc4
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.062] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.324] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): pbase: 0xe8000000
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.159] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.851] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.242] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.706] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.163] (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.104] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.230] (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.892] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.740] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.618] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.215] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.402] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.223] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.612] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.371] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.940] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.743] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): DPI set to (96, 96)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.408] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.906] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.894] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.168.dr	Binary or memory string: [ 210.752] (WW) vmware(0): Disabling Render Acceleration.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.650] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 213.251] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.086] (--) vmware(0): depth: 24
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.513] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.823] (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.684] (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.395] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.583] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.929] (II) vmware(0): Modeline "640x400"x85.1 31.50 640 672 736 832 400 401 404 445 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.359] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): Using HW cursor
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.330] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (*) vmware(0): Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.532] (*) vmware(0): Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.073] (--) vmware(0): caps: 0xFDFF83E2
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.383] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.023] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:15 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) Module vmware: vendor="X.Org Foundation"
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.438] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.646] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.675] (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.152] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.339] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.477] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.526] (II) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.667] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.837] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.963] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.693] (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): mheig: 885
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): caps: 0xFDFF83E2
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.844] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: wrjkngh4.elf, 5817.1.00007ffe7d973000.00007ffe7d994000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.n4tOc4\
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.389] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.827] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.331] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.258] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.637] (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.668] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.248] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.274] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.056] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): mwidt: 1176
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.255] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.352] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.461] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): Backing store enabled
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: wrjkngh4.elf, 5817.1.00007ffe7d973000.00007ffe7d994000.rw-.sdmp	Binary or memory string: /qemu-open.XXXXX
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.138] (--) vmware(0): w.red: 8
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.125] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 213.312] (==) vmware(0): Backing store enabled
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.950] (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (==) vmware(0): Silken mouse enabled
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.793] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.195] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.517] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.536] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.977] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 210.741] (WW) vmware(0): Disabling 3D support.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.224] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.953] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.112] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.840] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.191] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.902] (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.731] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.841] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.378] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.861] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.933] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.752] (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 208.568] (II) LoadModule: "vmware"
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.016] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.778] (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.784] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.566] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.749] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.595] (II) vmware(0): Modeline "1152x864"x75.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.397] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.445] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.878] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.346] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.694] (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.436] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Initialized VMware Xv extension successfully.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.302] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 213.244] (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.181] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): w.blu: 8
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.683] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.598] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.498] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.663] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 208.639] (II) Module vmware: vendor="X.Org Foundation"
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.529] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.216] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.217] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.361] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.603] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.448] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.722] (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.719] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.442] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.729] (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.813] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.660] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.947] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.222] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.492] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.295] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.187] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.237] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.941] (II) vmware(0): Not using default mode "960x540" (monitor doesn't support reduced blanking)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:20 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.511] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.119] (--) vmware(0): mheig: 885
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.609] (II) vmware(0): Modeline "1152x864"x75.0 104.99 1152 1224 1352 1552 864 865 868 902 -hsync +vsync (67.6 kHz d)
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:24 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.928] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.575] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 217.137] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 216.695] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:19 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.883] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.458] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.943] (II) vmware(0): Modeline "640x360"x59.8 18.00 640 664 720 800 360 363 368 376 -hsync +vsync (22.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.126] (--) vmware(0): depth: 24
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.857] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.572] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: syslog.89.dr	Binary or memory string: Jan 6 18:24:18 galassia /usr/lib/gdm3/gdm-x-session[6169]: (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 211.269] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.168.dr	Binary or memory string: [ 212.957] (II) vmware(0): Modeline "640x360"x59.3 17.75 640 688 720 800 360 363 368 374 +hsync -vsync (22.2 kHz d)

Language, Device and Operating System Detection

Reads system files that contain records of logged in users

Source: /usr/lib/accountsservice/accounts-daemon (PID: 6107)

Logged in records file read: /var/log/wtmp

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	2 Scripting	Path Interception	1 Virtualization/Sandbox Evasion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File and Directory Permissions Modification	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	1 System Owner/User Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Hidden Files and Directories	NTDS	11 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Indicator Removal	LSA Secrets	3 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
wrjkngh4.elf	32%	Virustotal		Browse
wrjkngh4.elf	32%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://wiki.x.org	0%	Avira URL Cloud	safe
https://www.rsyslog.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fingwi.cardiacpure.ru	178.215.238.112	true	false		high
fingwi.cardiacpure.ru. [malformed]	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.rsyslog.com	syslog.89.dr, syslog.21.dr, syslog.45.dr, syslog.29.dr	false	Avira URL Cloud: safe	unknown
http://wiki.x.org	syslog.89.dr, Xorg.0.log.168.dr	false	Avira URL Cloud: safe	unknown
http://www.ubuntu.com/support)	syslog.89.dr, Xorg.0.log.168.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
178.215.238.112	fingwi.cardiacpure.ru	Germany		10753	LVLT-10753US	false
89.190.156.145	unknown	United Kingdom		7489	HOSTUS-GLOBAL-ASHostUSHK	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
178.215.238.112	vevhea4.elf	Get hash	malicious	Unknown	Browse
	qbfwdbg.elf	Get hash	malicious	Unknown	Browse
	wlw68k.elf	Get hash	malicious	Unknown	Browse
	ivwebcda7.elf	Get hash	malicious	Mirai	Browse
	fbhervbhsl.elf	Get hash	malicious	Unknown	Browse
	ngwa5.elf	Get hash	malicious	Unknown	Browse
	debvps.elf	Get hash	malicious	Unknown	Browse
	wev86.elf	Get hash	malicious	Unknown	Browse
	gnjqwpc.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Mirai	Browse
89.190.156.145	vevhea4.elf	Get hash	malicious	Unknown	Browse
	qbfwdbg.elf	Get hash	malicious	Unknown	Browse
	wlw68k.elf	Get hash	malicious	Unknown	Browse
	ivwebcda7.elf	Get hash	malicious	Mirai	Browse
	fbhervbhsl.elf	Get hash	malicious	Unknown	Browse
	ngwa5.elf	Get hash	malicious	Unknown	Browse
	debvps.elf	Get hash	malicious	Unknown	Browse
	wev86.elf	Get hash	malicious	Unknown	Browse
	gnjqwpc.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fingwi.cardiacpure.ru	qbfwdbg.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	fbhervbhsl.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	debvps.elf	Get hash	malicious	Unknown	Browse	178.215.238.112

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HOSTUS-GLOBAL-ASHostUSHK	vevhea4.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	qbfwdbg.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	wlw68k.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	ivwebcda7.elf	Get hash	malicious	Mirai	Browse	89.190.156.145
	fbhervbhsl.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	ngwa5.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	debvps.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	wev86.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	gnjqwpc.elf	Get hash	malicious	Unknown	Browse	89.190.156.145
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse	89.190.156.145
LVLT-10753US	vevhea4.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	qbfwdbg.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	wlw68k.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	ivwebcda7.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	fbhervbhsl.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	ngwa5.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	debvps.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	wev86.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	gnjqwpc.elf	Get hash	malicious	Unknown	Browse	178.215.238.112
	arm7.elf	Get hash	malicious	Mirai	Browse	178.215.238.112

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:5bkPn:pkP
MD5:	FF001A15CE15CF062A3704CEA2991B5F
SHA1:	B06F6855F376C3245B82212AC73ADED55DFE5DEF
SHA-256:	C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
SHA-512:	65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	18
Entropy (8bit):	3.4613201402110088
Encrypted:	false
SSDEEP:	3:5bkrIZsXvn:pkckv
MD5:	28FE6435F34B3367707BB1C5D5F6B430
SHA1:	EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
SHA-256:	721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
SHA-512:	6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.monitor.

/proc/6136/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

/proc/6139/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

/proc/6141/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6143/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6145/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6147/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6152/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6198/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6225/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6228/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6230/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6232/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6234/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6236/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6239/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6404/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6567/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6580/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/proc/6774/oom_score_adj

Download File

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

/run/avahi-daemon/pid

Download File

Process:	/usr/sbin/avahi-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:jTv:vv
MD5:	A3112D9451EAC308A070C9536885138D
SHA1:	3927806D56FD741DD1323FA35D87A01AE7879230
SHA-256:	D6B04BAA09EF35DB52AEE51312D72BDC8477BCBE251C832131DB469B7EA99D53
SHA-512:	DBEA0D0A5145955029FFDF0C591E74DD65C2FC31079EBE2C4F2A44A1793A489286F90C97E2AE4143D5823C9DBCED17FC5EF4AA24A0D94B76A4C77F175BF8DF7B
Malicious:	false
Preview:	6576.

/run/gdm3.pid

Download File

Process:	/usr/sbin/gdm3
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:4Wv:4Wv
MD5:	5C6922C3F43AA76E5CF1374BEB820793
SHA1:	7322DF59DAB946B3292EC63F47207CFEB3950984
SHA-256:	6A20BFEC8BCC974D40566852BEAF01B08B76AC14995C0A953DC05D1C02B19010
SHA-512:	210FF9BB12E63A78E9FE6BD5899CABC784653E81BE935D164451A3BAC2991305A36B67BC590222BD40F60C6AEB7E558827666ADB25B83008A46B7CFD0B9DBE8E
Malicious:	false
Preview:	6103.

/run/systemd/inhibit/.#1QmNHhV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	143
Entropy (8bit):	5.090645391357815
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMs/eWJAAVu9ifjyeIppTMXSHK72X8/Sf9n:SbFuFyL8OAApflApLHK7wR9n
MD5:	9DF8C168A874FA332CDF5A35EFEF1884
SHA1:	8939B723242E7EE9848D2D3C96DD9BE02D6558AD
SHA-256:	4347F3EFF520BE5420ACCC46D25E284E9088508E1B687A91DC7B054692E6803C
SHA-512:	1F94623F9C891E6973861E77C98784F104FB4250FDB67702A9154B568FDE9F487A5663638725B44C0EF3D5888A5F83984E38A39CE5B2EDEE7589903BE18A0CD4
Malicious:	false
Preview:	# This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=6411.WHO=UPower.WHY=Pause device polling.FIFO=/run/systemd/inhibit/1.ref.

/run/systemd/inhibit/.#2D8962X

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	198
Entropy (8bit):	5.2194016554059095
Encrypted:	false
SSDEEP:	6:SbFuFyL8NEL1QXccIRI/cIlGjdC+4yqKLXv0Rsz:qgFqXQXTI1IlxyqKjcRsz
MD5:	44F1DBA3A0FC516E372CF1CBECC81C76
SHA1:	90132EBC48EBD1ABA2F1C0F7557192CE19C4E7F7
SHA-256:	A3598A45910AECDB4CF0946EBCF52C8E7082772281A62C4DE7E216DAA4B187FE
SHA-512:	4486B5D953A29F1CF591B99DB0DABAEF075C0D258391D6F3E102444253446F19092CBC22C60D22794CE06A4E99CFAEE75896CE0AF05C233B1D3B0E1541A1F4D6
Malicious:	false
Preview:	# This is private data. Do not parse..WHAT=handle-power-key:handle-suspend-key:handle-hibernate-key.MODE=block.UID=127.PID=6609.WHO=gdm.WHY=GNOME handling keypresses.FIFO=/run/systemd/inhibit/2.ref.

/run/systemd/inhibit/.#3j9WrNV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	147
Entropy (8bit):	5.180533233946161
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMs/eWJAAVu9c++MyiiXoqKZLXviX8/SfWADv:SbFuFyL8OAAx+4yqKLXv0RT
MD5:	3E228079AFD8658383F11343F358D423
SHA1:	7EDB360B44A028BB5C690BAAF04A042C45D3EF6B
SHA-256:	15F811AE3CCC371AA1F5F862A481ED8196F46CDB1F3FE364314D2977AFF2BECE
SHA-512:	DC25EC534A5B6632D0580EA7DFB8A00EB076D8EB0633FFCB96065C5795A3534E5E548924F38BDF69F5A3A638F5088EC5EC81EBF86845EE88F3DEFCDA0EB8CA54
Malicious:	false
Preview:	# This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=127.PID=6609.WHO=gdm.WHY=GNOME handling keypresses.FIFO=/run/systemd/inhibit/3.ref.

/run/systemd/inhibit/.#4xiH8fU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	152
Entropy (8bit):	5.138883971711133
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMs/eWJAAVu9c++ot+3iXulpv5RX8/SflY:SbFuFyL8OAAx+PtylpLRS
MD5:	CED79CB9301E4B8813B5D66413F51744
SHA1:	6A5BD713722B36DC1B5241281427ABFEE7F2F87D
SHA-256:	2965FDF5741D6AA3823901BA4525716B016491A02C54DDDAD7AA0C1F814FC5C7
SHA-512:	6872A8D08DFA8BB83ACF1EBE7FD29E897F7F59B7F1BC213666FCDB94CB00B5569D3DF0EE31A249B2EC69FE5ECD014D274931E0D6048D1101ACA482E996A15A80
Malicious:	false
Preview:	# This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=127.PID=6624.WHO=gdm.WHY=GNOME needs to lock the screen.FIFO=/run/systemd/inhibit/4.ref.

/run/systemd/inhibit/.#5hQgS0U

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.974198609053518
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMs/eWJAAVu9if2tqvDkBoDWicRF2Tg+tX8/Sf5:SbFuFyL8OAApfxDjDJcjKR5
MD5:	8A2534E6EEF283D8985BF151E70AC212
SHA1:	F30D6B5BE0D8C4B4C7840FE950A1A2D44151C0A6
SHA-256:	DB1BD4B7B301ADE7156807A53B8E8ED4B2B4E2FA4199E8119A02685014641443
SHA-512:	8472260E5F7E002F9FB66BCFB528B0CF8C3E10751B848CE3DA9317250F0B357820C488CDB92DD82BEF3F918C6E5AE2201EB700025320E59F5A463723CE9076DB
Malicious:	false
Preview:	# This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=6954.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/5.ref.

/run/systemd/journal/streams/.#9:65402uG00FF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.553036361523724
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmyRkH3eUUQq1cdjg2+:SbFuFyLVIg1BG+f+My0uujg2ji4s
MD5:	4FEBBC6B756588E70E2E70AB97DA8D55
SHA1:	37A5E3A71E6C96B47B2A704A93BE8922C1034943
SHA-256:	9E131656E95BEA204C218BE5779561E821E5CF3A407BC92E78BBB776322454E1
SHA-512:	2390F1F6EE56768E7DAB24F23F5E3A62F5BB77055D32E928C8EB60AA13765162A092AD555BC75D1069843CDDB0866C6D0BA1B9414D456C15756F0C6AA81B77FA
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=868d7b597e244501acb9b115af30c987.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

/run/systemd/journal/streams/.#9:65403GqpgOG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	220
Entropy (8bit):	5.481801715590442
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+MJNHzv/NjZcHcljX+:qgFq6g10+f+MJBmAu
MD5:	18C998E18E9E3EDC358AB28FD31CEF87
SHA1:	24A5DF9078754CA590926357ADCFCEBD86862A0E
SHA-256:	7A897DD5C8162E96E72DC5F0EA3A863337CD6FD26D4230E8E2BBB591280F8195
SHA-512:	AAA48825CD4D071F6A4A377FE2AB852F331FAC077129D91EF37120739C8DF6FF95A656354EA5839F644FE4A029FB4BC15081128B26B978199E06653A94A667C0
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c49bd311859846bea152b1c36eda7e80.IDENTIFIER=systemd-logind.UNIT=systemd-logind.service.

/run/systemd/journal/streams/.#9:65404Wg979H

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	207
Entropy (8bit):	5.426353350500575
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsgQ1RqcHRynQlY+sd:SbFuFyLVIg1BG+f+MsgQT4UYTjosQu
MD5:	9DEE83F372F1142391015F651C0CC7C6
SHA1:	4791AF2B2E4AA48BE925C2B204FA82765C2E9F47
SHA-256:	DA520CC9E368938AC701B2E29CA08D725C66F270F62D71D9E22D08DAC75E3677
SHA-512:	FF1C9797F9DD179A37F62C10BB5221F23863D69836A5E359714C44272C7384C696B98F550CD9A83D27766F0AC3C698601E571D9D1E573861E2C7330C06111C60
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f945683eb3eb499daf9b47d71e6e502b.IDENTIFIER=dbus-daemon.UNIT=dbus.service.

/run/systemd/journal/streams/.#9:65416p9kP3I

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.386120293270035
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxm/TamCUbpWdUS0A+sjsx:SbFuFyLVIg1BAf+M7CUOq8jNALyAZD
MD5:	FE79DBFF84D3E3881344919ABDA0356D
SHA1:	499D6DE81A40DA4D69ABF7841451B317FD50108A
SHA-256:	54385E8BACA567A895F3448B0046850E10605AF7C71F61A538398E983AFE8792
SHA-512:	13FA821FC062D3FADC33A80CD4DD033EC5409FACFA0CF896D8A74F40C67D3063B50257B2DA291BB61CBBBED18BCBB94C2C21A7251B3A5CDEF6AEDE7A380B0412
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=55c844dcef9f41a89dae31a113bbaff3.IDENTIFIER=generate-config.UNIT=gdm.service.

/run/systemd/journal/streams/.#9:654183OFYnG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.485956963812718
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxm+weHc+9vATjs2BbQIeT:SbFuFyLVIg1BAf+M+w4r9v8jNdQIeXD
MD5:	A93213D4F8A955746929CC9F2410CA0B
SHA1:	D675EAA9AC2AFADA55192254D35B1B4FEE75A23D
SHA-256:	DCB397C054BE2F14D77FBF9D281496EA7E3A05445BF937D9ED199176175679E6
SHA-512:	D457FE06477DFA36F303846D8D0D5FA240D17B3BEFFA87CC83D58AD793EA9B5D4DB26F109DC43889B53FA77BFA187681C37CFFDE672CA1F7386AA48ADEA28455
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=4705e0f3102a419691f2088597b67fa5.IDENTIFIER=gdm-wait-for-drm.UNIT=gdm.service.

/run/systemd/journal/streams/.#9:65419K5BFfH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.521881458891067
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmrzokArllsjs7Lbgw3:SbFuFyLVIg1BG+f+MPYIji4s
MD5:	DFCE17B6E85A14150B39177FB030FC50
SHA1:	A64E573D63BCD2A0FB102159AB633269F01DCA16
SHA-256:	322EE5A0BB10849F3BA1B2CD3BC48BE40536E20E2EAB55547982C3D850F711A6
SHA-512:	6F4BEA46BDFF8DAC170C10D3C800530B6E37AF94DFE579D1F181980217D34B4C23700EFFDFE8DF9BE6E7ECAC8577A3769D84B3F61C4E8BC86CEAA9000676B364
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a3511478f50344fc9e871e7c37fb6fc1.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

/run/systemd/journal/streams/.#9:654943X8D6H

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	199
Entropy (8bit):	5.36311749267913
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmv/BmGXWYyTrHKshg2jr:SbFuFyLVIg1BAf+MBxGYy/Rg2jNTZD
MD5:	435DB5659E4522C61AC2BC2F1175C51C
SHA1:	99AAF11548EB7E60D79537BD1D3E49C84D9B794D
SHA-256:	B7A207D7881D28128C78BBA9DF3C49FFC9F917A60F9753DFF86FB3FB54AD4FE8
SHA-512:	57293C20E3A3C3B16E1AA41F0B7C8F5BE9B7A525B373026E48CAA9C8D26DF48977D2CC9D685FE2A2F20C1E3E4A2AAEAD50DA80BC61FFAD0F316C99285172EA8E
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ea39401bcc9e435690854c93484bc9be.IDENTIFIER=gdm3.UNIT=gdm.service.

/run/systemd/journal/streams/.#9:65501RFgl1E

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.4158433242226165
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+MzzVRVvcCi8jLTTIWTIL:qgFq6g10+f+Mzz7hbREWEL
MD5:	89980A546E452872899E04421839539D
SHA1:	71DC92F2726CACA75A12C85C68FE7FBA8D8C425C
SHA-256:	F8E770CF724A41525C843BDA73ABA408B3A16DC97D7175FE83C341526D985EDE
SHA-512:	421D7115C32B344C0F15B79421AB26C9DF80771C1C258F31BA3F1C0887AD70737C71C91686390A0164A8D6D5678814F5CE53A0C6BDC910DB2A138A255D6FA6B8
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=36f07e0409f04f90822c027d120fc8bc.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.

/run/systemd/journal/streams/.#9:66184VoRIcJ

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	205
Entropy (8bit):	5.361072445542339
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm6LDcI61LXUpc7QByz:SbFuFyLVIg1BG+f+M6t0oyD2jbVC
MD5:	F772E322284E053FD97904BC69991BDA
SHA1:	161D546F21C41BC6CE614568E58B9DBC64AC5640
SHA-256:	62376827564F53E41BFD010720B79F3BB6F02AB4B91A23FB12C760BA7A95F281
SHA-512:	AE740EFC23904F7A0BAC9A6D8A52A0B6569F8836BA272608B9B3E6A9C7B259DC5995AFFC5DEEA8A9E0B65D7C51C2DAAB91829F7DD10F3BE15BC3B32414346810
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0c934a91ff4949a4b0d4b213fe9045d9.IDENTIFIER=polkitd.UNIT=polkit.service.

/run/systemd/journal/streams/.#9:662554vRSbJ

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	189
Entropy (8bit):	5.372695363735684
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmpxg/GnPghUxAOshT9:SbFuFyLVIg1BG+f+MM/GPTADZjoa
MD5:	4D9EE955F17A16AA21DA2FDB5533933E
SHA1:	651303C1BC0EEDC35D62FD072B7A688523A60723
SHA-256:	378D5250D90485EE7DF34EE3361B6952B5AFA68462CA536DC2EA91612040F946
SHA-512:	A4599DE22EFCB52840EEB00B4423BB94A5AA5958ABF7D2AC9179A5C58BCCD0FC5C83ABCF2B894E943E9B0C51290329EECB7CE93456EC536545F8F3C68AC773B0
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ce14cf3a2c8f44f49584cec8142e5de7.IDENTIFIER=dbus-daemon.

/run/systemd/journal/streams/.#9:66282B8xOGG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	190
Entropy (8bit):	5.331681606438222
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmp04SxIP0/A5qjsE:SbFuFyLVK6g7/+BG+f+MmLl8qjN3r
MD5:	526C78BC24FBEC4AB14E4191D58D3158
SHA1:	123EB0A1A2FE1D7C211EB5A37C684A6C8804209C
SHA-256:	2209B38206FAE1312F0F3236DC5B598AF9E86C4DDBBBE2FA96591FD1BBC29FD0
SHA-512:	27A10F8C65AB602AB17142F46BCF58B17BAE0857F8615F44A0EAAEC333AA52C5D55D06F7FBE2BE53ECE56F8F214D58AAFCEDAEEC658AB6AFB000D7AE3FE0579B
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ca8cbe7105b04e1bb96ab79b5d9a220e.IDENTIFIER=gnome-session.

/run/systemd/journal/streams/.#9:663774UXitH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.479716529727785
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MgeDRtuqjFmzXvn:qgFqo6g7/+0+f+Mtru4QXvn
MD5:	20A5DDB6DF026BCC0CA4FC342C00F171
SHA1:	30A128F17A0257FBC8918F3A0692B9FF97DFE7D1
SHA-256:	B2732DC99C50F33C03AF20841FE6CA61220ABADFB2E068AB15680F368E4FCB93
SHA-512:	4D1727F4FDD482F23F09F59CF28A0E97C02ACDA86686588A4C1EDF14D76E30C900C4D3A522608D1607C91F76A54FDFC1B0957FDBB5030FF482D2699F5B600007
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=5b758f321c6e49669f446d2f6bcf3c19.IDENTIFIER=org.gnome.Shell.desktop.

/run/systemd/journal/streams/.#9:663794YwBpG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.438347705420951
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M+ZrEJ0hTjFmzXvn:qgFqdg7/+0+f+MQo0hNQXvn
MD5:	1A4B345CE48AB5742FA2AD67014FE3B7
SHA1:	667A7DFA41B12AEC89FB165EB0E7E278C4B6BEF5
SHA-256:	055E268335EB8F7A34F8D363F0848A59E513534447A05544139B421279995890
SHA-512:	001C2A22D88013DE376C49ECEE0FC609ECA3525D9A5761C0265F69BE05A28D43667F3F87F71BD8873CD363F4BF692D1ABACC8BA7B3B4BE66B1CF25FFA3C03F3F
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=491e7d43abc8455d85c615711cd60521.IDENTIFIER=org.gnome.Shell.desktop.

/run/systemd/journal/streams/.#9:66422850WKH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	195
Entropy (8bit):	5.4003740911476745
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmyEDVgEXEtfRwqjk:SbFuFyLVK6g7/+BG+f+MyEDVg+EljNq
MD5:	006E29D237A163D89C367CDEF402CBB8
SHA1:	25BF9C1967ABD75184378803DD0538727C509513
SHA-256:	F3598E61FE4E15AAD003536BF951376C8694409FE7E82D139E94BCC674DFC7EF
SHA-512:	2ED73A2F67060AF3F1CB0DF40E080C7F2AD94D48262DA43745E4A061DA02EDECC301F346538E0549A2886D0BBD66F1E4EAA177E31FE1386C239FF9F812A67870
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=88c53909c07c44eeb162adeeaa077436.IDENTIFIER=gdm-session-worker.

/run/systemd/journal/streams/.#9:66424Cb3HWG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	195
Entropy (8bit):	5.435741255005314
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm7pI8AyEBrRxsjsz:SbFuFyLVI6g7/+BG+f+MCRyOdqjNq
MD5:	E4879ED2A7F4A9B0117FDDDE1FD810F7
SHA1:	6FA5137D2A44639806902A949B8ACD6C3F9EF340
SHA-256:	5635B3C94C2FA232944B29F1631527B6FAF4A53C99C0521CEC5FAAF85894C696
SHA-512:	1B37A51D430C9C863E353F02520DF6A6DA45231FC40333F4B643725D08160AD3FFA3322254E7A88716FD68C9E47ABEF1F2E7E457FCBC70E244C26250FCFDF9BE
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=10f36e095e3e43b7997fabc2648a4f91.IDENTIFIER=gdm-session-worker.

/run/systemd/journal/streams/.#9:66463vid9WE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.463135342780244
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+Mi2TgjFQMzKYA9:qgFqo6g7/+0+f+MDTqTmt9
MD5:	CC1802B218667C4F9D83D54BB16BE166
SHA1:	D17484760282D427589AC807F237966FE3B9A0E3
SHA-256:	2C74A234CC3D1BB7EC2CFD8491214CE3D113A99BB297AEC741AD02DFA178F57B
SHA-512:	522D0E6D67B8FC6CECF2BF536FF745B39774F0835C521B0BBCEFC966E481B30E42AF30AC425DCCEB5299689CED2F32398F3CF24F5FCF4C841895C2A01C2EE249
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1fe02eb9f9234455ab2ae5b2ba66ff93.IDENTIFIER=/usr/lib/gdm3/gdm-x-session.

/run/systemd/journal/streams/.#9:664693mVV5G

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.502145911505901
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+Ms+5HNjFQMzKYA9:qgFqdg7/+0+f+Ms+5zTmt9
MD5:	E3F74BE3BB07938840C9297521697D62
SHA1:	D093BECB0BEDE5B2CADD018B3CCDAAFEF43E5F01
SHA-256:	79ECC90E71F52612DD9A42639988C02FCFD88D31244AC17B09EC5A0DD213F4FD
SHA-512:	64EF59123DA6A80DA99321917F7AA0CB0D7A7E01A8884385B9E29770161081352FFE3BD83D97939F23534A3623C160DC8623D9A2F8BDC1CEC6A8030804ABF5B1
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f530a57a798744668ac9255fc05f9203.IDENTIFIER=/usr/lib/gdm3/gdm-x-session.

/run/systemd/journal/streams/.#9:666437pLUCI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	195
Entropy (8bit):	5.405186608748731
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm/AQA9+TT3XeshTQ:SbFuFyLVK6g7/+BG+f+MIQA9qT3dTjNq
MD5:	81AB984FDAB67755ADCD78BC75E62F18
SHA1:	2871CDD53E6EBEA42B7D562C9A876641FE84F7B7
SHA-256:	525A9253D85C3064247BBAA0FF2DFEC156F5274F2486D9DC13928FBE9F42B1F6
SHA-512:	CF88E50F2F0FC010E607C4735447E83E2A98ED934D0161EB4E04290CE03DCECB6B27784382A826E47D342488DED514F8C448BE2CDC59F2235886838AB82FC086
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=53d25de8fec04053a2ebf5db7cbde729.IDENTIFIER=gdm-session-worker.

/run/systemd/journal/streams/.#9:66644wXBzTI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	195
Entropy (8bit):	5.416206016981435
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmumTCoqcU1Frxsjk:SbFuFyLVI6g7/+BG+f+MutNcGqjNq
MD5:	E7F72D592272FCC363BB3679936F05C1
SHA1:	D45ABB06E3E0F7BB334B2361600EA25829D4C304
SHA-256:	4164FFBB63F5F240EEFDDAF53056FD08F3B8ACA1CD3AE83C2DD963DC607730C8
SHA-512:	7A32A9DD60CE1D8172B3A6C6DDC364D98DBDF63D853C8E0047D37BBF5E7968089ED8CC9D94C8A59C5C1A57255911A5E020FE729E77D5B587F03FBF64E57A4A3D
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=d1ddb6c088974840a94e0523598bb191.IDENTIFIER=gdm-session-worker.

/run/systemd/journal/streams/.#9:66653k0dklH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.509275634901301
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MmIcJHRRQqjFQMzKaBu:qgFqo6g7/+0+f+MRcftTmh
MD5:	9888545A340E8B53EEE2F7A443E1DDA1
SHA1:	AEF4DE285445B6CD09E537E250FE10591683684E
SHA-256:	C48039A7B8B61BD774AB7ED6F3B2E0653A146EF0DF765755088834BF08EE0A6F
SHA-512:	0B3DEDFD191A7DA865AEBB67C6EC73CBA520F0444F404FF73C2904C0B827E975FDC47AEA16ACEADB4A495B44AFD4D7A2DF69F2283823A10B1F16BE3153BDAB7A
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e91a9358915b4032bc90fe4e344f194a.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.

/run/systemd/journal/streams/.#9:66654vjMjbF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.50986112564613
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+Mo10TE5jFQMzKaBu:qgFqdg7/+0+f+Mo10wPTmh
MD5:	C2F1C34C7F8647700F82BA2DF4BB85C5
SHA1:	8F4B795409492CF9D9288B272552B340E0ECA980
SHA-256:	04FEE64B629F6FFCC4B56440B5CD674F3E0BCC1323542CC06983C14607EA4763
SHA-512:	C4F3C0E22CB4565271538F57450ACD3B79E921456CB6BCDDB03AFB9FFA1CD01E8740302BC627303D37AFB2B6A00469EE421E4766F327138006B2B58CD5836AC8
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ba293bc551a94472b5b64b54e3cbef32.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.

/run/systemd/journal/streams/.#9:66828rRECnG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	190
Entropy (8bit):	5.368078202995601
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm4gujSR5QRyrjvAd:SbFuFyLVK6g7/+BG+f+M4gP5Ljv8jN3r
MD5:	3EEE2057E0FAD5BC3735F458E8CDCA81
SHA1:	27676617CE57FB61FA9069FFAF2AE96F140CAB21
SHA-256:	774B703C6D50587739AC1471ADF9E365AF8F58653B83DBFE613044DDA29AF671
SHA-512:	F1EEB141A0A6C0CCF580E5EF69B33A963059F1E4297BED99D260790800E71CF26A8FC2D8DE82EDAF58D95A2680F93A2DF7596255A5ECA7C95E63BC2BBD62CDB1
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=24c752bf3d074a57b7a40900d40fb518.IDENTIFIER=gnome-session.

/run/systemd/journal/streams/.#9:67015sda7XE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.360460452754669
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+Myk2lTS9qjFmzXvn:qgFqo6g7/+0+f+MT2ZS94QXvn
MD5:	A35194B6505FEA342629EAB4375E055C
SHA1:	9A8D665B58264C84CBA90C83A0D787CB8DD06F51
SHA-256:	1D49E067C7B5C008DCC561AF333F6FD8717E7C98B9A0AADE7558D6CA22FED6B7
SHA-512:	FDF7DBABBC28B784DA6183068D53FA0C772445D93AECB9883088DBAF7123FBCFDCCA2DC5D2F3712EA042322DAC680994DB41FCBF80CF2C6014D3420A45878804
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=87c784982c704d8a9c7799c8684d4a7a.IDENTIFIER=org.gnome.Shell.desktop.

/run/systemd/journal/streams/.#9:670172VEOJI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.4486378128716675
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+MDFNeHAg2jFmzXvn:qgFqdg7/+0+f+MDFNeggEQXvn
MD5:	F94360E35EA67E7CFF1A01AD573CFD1A
SHA1:	E790B435462FD5F5FF3EA31005CC442430620C26
SHA-256:	53EE221BEDF351ED3A93F7233EB677A29FA5BAA5616B165D556F8C1D58CB8827
SHA-512:	A51FCB343F64AA928A223FF10D765DE182D1D4FD4C1B3E2E975E2108BF0C20BB78EEFCA025E2AA5946F8A0C97B08936C07D5D6DC16524B6983DD60D2E35331FE
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9977d5cae16f493db8e87686533555dc.IDENTIFIER=org.gnome.Shell.desktop.

/run/systemd/journal/streams/.#9:67284CUTp7F

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	220
Entropy (8bit):	5.416613350180006
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+Ms3z+j11T2jdcjemEg:qgFq6g10+f+MsDO1lcOemEg
MD5:	6EED0BE1D4954DEFEAFFAA66529594EA
SHA1:	30CD5E4E96CE161B07E5F444E648ECCEC3C81F40
SHA-256:	DA7D9B1A07A1F3E35803335486294A1DB663FDE235B134E3F71E68974836898C
SHA-512:	BC596314DA51CFC36E72A604827C61AD50779756A52240E53FC1C09EA39EE8E18F97BC9E4BA21A35C32B9E23E134ED7CBF5B8EB15953B3280FF85486D897E06B
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=feb1a1e5030e4850bfcff2a874975228.IDENTIFIER=wpa_supplicant.UNIT=wpa_supplicant.service.

/run/systemd/journal/streams/.#9:67293kxW28E

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.407517158912306
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+Mo4sDG+dRuo8jLIiAvAW:qgFq6g10+f+MviGyuobiAvAW
MD5:	FC70F3B51CAFDCEC08E40681F8547CBE
SHA1:	722F3B575E5C351AD6B94D4587BD72BBB270BC3E
SHA-256:	887851A8A821DC9645C69B9E8C35E3CB059734F13090BF327DFCF9B0C070965F
SHA-512:	C7A3377B6BE37744855ECB85359BA82981E8B910E80F3FB44D62E6F331F94140171FD02046FC59C2406FFF535853FDE0B737566688EED83D59CA20195C602647
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=33f8a691c9ca4c638cfc962b84d84293.IDENTIFIER=avahi-daemon.UNIT=avahi-daemon.service.

/run/systemd/journal/streams/.#9:67303ya20CE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.391171105707873
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm8GGFswFikuA+sjsh5:SbFuFyLVIg1BG+f+M8/FE8juTt
MD5:	AFB3E051B09EEA2D9505CDC75FE21EEA
SHA1:	213A5B5B11FDA102340AC40FB2CF025E653C94E6
SHA-256:	D3C5727C7552B593D8E5A77E2817A7DE7E4FCC7F5A229DEF21A364E3C15E3013
SHA-512:	2FF0E2B1EF3F4232623CDF2DDA9CEB2993466740D2F68CE7671792EEC5A53D12D9AFF0172228860FB2003CE388D60F74768E392D575B7CFEFF57DB01050F1D08
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6cc2020343434be89611fdd7fff0e6ca.IDENTIFIER=packagekitd.UNIT=packagekit.service.

/run/systemd/journal/streams/.#9:67336l3ekoG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	217
Entropy (8bit):	5.4143479757082185
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M61gEpDRc30ZjFmShmWc0vn:qgFqo6g7/+0+f+M61gSNw+9kWc0vn
MD5:	CF4E26787D37AECBFBE20C93B81C2097
SHA1:	2F7C46F2332AFBDE515C82020FEA7668092D1B5F
SHA-256:	0589064F62CA4293BF8B02CC0B43F3DE6E5D3A8685F66E643A439787CF712EE1
SHA-512:	D02150E88D91C1E72CE8B6EC76DFB791C0F4BDA18004C8DD936203318569D20B541593B66FE6B6F262E8B1DF5F5C8E97271991DA911DEB0500638690F545B666
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a5df9e62fc69480ca0ff474f80c562b2.IDENTIFIER=org.gnome.SettingsDaemon.Sharing.desktop.

/run/systemd/journal/streams/.#9:673375f9wYG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	217
Entropy (8bit):	5.377214236122304
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+Mkx0hTjFmShmWc0vn:qgFqdg7/+0+f+Mkx0hN9kWc0vn
MD5:	FF3B3FB92E88F5D38EFBB7C28DB9535C
SHA1:	E411B2E6C2822CE13FC5812162709C23DC84AD15
SHA-256:	6BC0597E54CEA26DD6123CCFDF0C3B2017FEAFEACE2186DDB192B63D15DCCF53
SHA-512:	DD2B458DD52F554713BB90E16538772FB62D87C65B68E6074546A9FCF611130BC20164431FC772A524B860A8EA752B526FA637E69780CFD08027946356732D7C
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=94af6ece70064b6b86c34ebcaedd6901.IDENTIFIER=org.gnome.SettingsDaemon.Sharing.desktop.

/run/systemd/journal/streams/.#9:67358qAG1XE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.430301480801465
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MumMkUlTjFmShmVxfvn:qgFqo6g7/+0+f+Mh6N9kVxfvn
MD5:	DAFD0AF9353B9CAA85692C8742B8AF18
SHA1:	23462DED9AEB5936B7AAD0C32758F839F86C0206
SHA-256:	F6CF8130BFC2304962873CA47949247272F55BCE05A4668BC112EC9CAD22D33F
SHA-512:	4342708535FCB19F463F785F46704440E656097FCFEF629D9C02DB9CC12F6FEF91E1BA3D2D49490F5DD5E46ED1D13E43026912022293CDC4F8F0818F3538A794
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=d1b39067ba8a4d73b9f1680735cd46e6.IDENTIFIER=org.gnome.SettingsDaemon.Wacom.desktop.

/run/systemd/journal/streams/.#9:67360lKqlbF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.410195973840378
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+Msjbg2jFmShmVxfvn:qgFqdg7/+0+f+MsYE9kVxfvn
MD5:	1630D155E742952463B75D8B0A6D8EE2
SHA1:	6E642BBE2BD7CA494100273E613C657F94900DD1
SHA-256:	571536A675E077AD9BFD5CCC2C87BF2489E62C35BDC33F81E0934286C0B83391
SHA-512:	D3CC7FC7BC46B36C99A9568532304E182BBD1CA424A7721254B0815C5EFA025CC4250401102C11C2FD581AF53D8D1A4A17634F456E7C790D1AC6DB8FF0AD3AD2
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=fe79c1196bc34adcb8753319eceeb70a.IDENTIFIER=org.gnome.SettingsDaemon.Wacom.desktop.

/run/systemd/journal/streams/.#9:67361zXQKuG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.363099708635388
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M+VyeSjFmShmDxfvn:qgFqo6g7/+0+f+MQTQ9kDBvn
MD5:	81E787C123FB81575FD0A0F982ED33A3
SHA1:	F9B41FB18DE7CACBBBA663EF2B9AD1BB68E618EA
SHA-256:	66BDE9C89B59D61C6ED34F036D757D47ED2F26CF79C6BF2B323D7B3717FB8EA4
SHA-512:	F4893AE65080CB9B90C6FCD38E5AF3796F8F73A671F8F366DBE5CE970567238CB62F444D7C6B50DBE7C7CEC95FC031274B4497AAEF94D47970F94F7E0A97F531
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=48091d0ebe274092add2910b4e89ae81.IDENTIFIER=org.gnome.SettingsDaemon.Color.desktop.

/run/systemd/journal/streams/.#9:673626ZfWqI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.443848501188642
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+MK7B2jFmShmDxfvn:qgFqdg7/+0+f+MK29kDBvn
MD5:	D65731CE0B16ECC08412A1950060F2EC
SHA1:	937FE23D3D25A8400588AD1248FCF271103BF73B
SHA-256:	6F0C7EBCB6122C287A2786F9FC2F6DE4C9604638A0E1977E68516336B7A15EEE
SHA-512:	A63C1DF1AA163CF43B30730E62342DF6D135A3FB016777C637BDF52441BF66E4A4F5CB0A0D73A4230763D1502B86ADA184CABBC313924A8B9E96B63D393990A2
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=cc2ec91146b64dbe93abf3f6269645bf.IDENTIFIER=org.gnome.SettingsDaemon.Color.desktop.

/run/systemd/journal/streams/.#9:67363mO2xPI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.447165442608032
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M8HcRse2cL32jFmShmxBrvn:qgFqo6g7/+0+f+M8+259kxBvn
MD5:	18838C32ECA4708E22659CE9134D1820
SHA1:	0EB738DB1AAC0ADE25401FD9E0E5A809971B5D92
SHA-256:	D1F83352DFF2510109AC9BEFFCAD9F15BCD98A09FCC7058CB470879DC795CFFF
SHA-512:	8C5FB20A3B2DF57F1C0CED09EED53BC2FA9A8C8EBE348FEEE3C9F1D4B867ED204C35BA5EFF7B6734459ED7441949277BE99465F730FA2E9F2D5138141C9F5948
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6b92df62d7784001b979cfbe9d95c046.IDENTIFIER=org.gnome.SettingsDaemon.Keyboard.desktop.

/run/systemd/journal/streams/.#9:67364HoZkLI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.45176882599175
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+MkKHqbN1jFmShmxBrvn:qgFqdg7/+0+f+MkcO9kxBvn
MD5:	0E6FC15EEC2040B9273C520F1441EF05
SHA1:	5EE639F0EEB49F20BD85CAD98C310091077AD4E2
SHA-256:	5B1477AEA8C7688BD3BDC2DAFD594B57E0C923836E2D7ADF657A7D9C5C58CDF1
SHA-512:	9AFA89C95BDA4D6AEC6E386FB1FF3E6110AA127B7D8DDA80C8705B97E9D58C962CEA52F065FA6ECB31C55FA227B1121D54201589BB9ADA20D832FB0BCA788741
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c365c6a4b4cf4c6b8d12fbf9685df6c6.IDENTIFIER=org.gnome.SettingsDaemon.Keyboard.desktop.

/run/systemd/journal/streams/.#9:67365MhKx8E

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.44960369011046
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M+xbuVrqjFmShm5PKJ0vn:qgFqo6g7/+0+f+MpG9kYJ0vn
MD5:	0ADFE263C9C71BCBFA47DED8EFAEC0BB
SHA1:	36EED5C756CB58D6E1882168D8D8432157E1D892
SHA-256:	478CFAF8C28D9546AE65C785ECCF609FA598737FE1E24DDE501162B6D63469E5
SHA-512:	C4E577D333738D2221A99FAAA0B59037771B02742F8AB5C9ED0C7D668A166A0B4FE800A0384EDE943CAFE488AF8C89D1369CE721254C902ED6A003EBB17B46E4
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=459192d29f0548428abb97f78d6dc5b5.IDENTIFIER=org.gnome.SettingsDaemon.PrintNotifications.desktop.

/run/systemd/journal/streams/.#9:67366G2JtPH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.41629830395505
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M8vQIkG0jFmShm5PKJ0vn:qgFqdg7/+0+f+M8vCG+9kYJ0vn
MD5:	9FA8772EA371471F33AC3845C708086B
SHA1:	C5D4318B1AD7D47EC202F47D7177F2A150B288CE
SHA-256:	63AB0FD7BCFB41302F532FA6FB00E3675B3D1BE6653AC4882971B7A9B31E8E2C
SHA-512:	2610F2A6DC216339B8E4D65FB98CB67730114390FCD09A0009297D82D8B26D9E9B85AC049008241A727B06AFB3A870CFA9FA39F5711E295C9FBB9D24C9BDC17E
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6e88b90fe27a44e5bfcd0b2ab81143ec.IDENTIFIER=org.gnome.SettingsDaemon.PrintNotifications.desktop.

/run/systemd/journal/streams/.#9:67367dhPbSG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.435114948585336
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MohNJ8jFmShmatvn:qgFqo6g7/+0+f+Mohv29katvn
MD5:	BEA69F038F6FF13BB732FBC43A094A13
SHA1:	F0F24931F99DD2813BA41E513B7640F7C2414889
SHA-256:	F6204EF6E8A029A1330CA303C6C11DB03ADB9CB4641D25292B0B6FF427BEC79C
SHA-512:	F84098FCCABF1B7BD5A60F7C7570137C53C90489C2E09C718453CAD90F99C1D5CD1E2360859E9C731BA7D8BED95712509BC1A6C1A535AE19BE0A1BD163E44461
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=bcddcbed26fd478893bcff7372af4fde.IDENTIFIER=org.gnome.SettingsDaemon.Rfkill.desktop.

/run/systemd/journal/streams/.#9:67368hpnBdH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.47791639533458
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+MsU+W0huqjFmShmatvn:qgFqdg7/+0+f+Msi0hN9katvn
MD5:	238E9EF971C495C79E9278C01BD78BE7
SHA1:	85D050E3E984D6526F67F16CC55A4440F295FD77
SHA-256:	F643DC5BC166F2E079185087924343C553D08AC85EDE9F1EE4896E00A0ED64D2
SHA-512:	D70F159BF2984F15AB87B01F7ED49A9013DFED3E0FA9531A58027476B3CCF14AE31346410DAB20FBF2F3747427B79D6B35E06B3E096CB2AEE9623577749395D8
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f5d45092b39c4d83b07520381b6b294a.IDENTIFIER=org.gnome.SettingsDaemon.Rfkill.desktop.

/run/systemd/journal/streams/.#9:67369T6T4RH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.416775640877934
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M5zjjFmShmzxvvn:qgFqo6g7/+0+f+Mtd9kztvn
MD5:	97659F47193DF4986DFFF40166766EEE
SHA1:	D1774CDB0E43A105F946605A35522A296300D79B
SHA-256:	8201D1D2B094F8D85440AE1DC280797C429EAD5A4C710C9134D8E54797726FEF
SHA-512:	7E4DB7F3C89A4B96A90775AE1D6958DA648A1773023A93AEE762AB0C6DB1D195B777DAA039C4C62218C78BCF11A882FFC970B2BBB3F9670059446BA856868FC9
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=75c0bcc40391455f96ed60440b40958f.IDENTIFIER=org.gnome.SettingsDaemon.Smartcard.desktop.

/run/systemd/journal/streams/.#9:67370PSDcwI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.391425028715985
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M4fN/9zdjFmShmzxvvn:qgFqdg7/+0+f+M4fjj9kztvn
MD5:	D7F4BF113B677DBAFB0E056ADC617D2B
SHA1:	D6C425028A305C29F70D515D2B3237C4C43DA987
SHA-256:	C0748B1876A3A266A7C5304C2E4682BF86DE3685C20890AC6EB54CC80A4752AC
SHA-512:	69965F9A709D088EB71D504B8F571646DE2846D6595F35C5C3FECF264ECB8D5465CD952CD5B71F6FBC5A0CFD9C2E7F2BD29B449D83005C4B1D6AC3E304E09794
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=21bd3429dde54547a2980ca192a8501e.IDENTIFIER=org.gnome.SettingsDaemon.Smartcard.desktop.

/run/systemd/journal/streams/.#9:67391IuoqYF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.4125368182923985
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MiQsZjFmShmZBvn:qgFqo6g7/+0+f+MiQ29kZBvn
MD5:	163C28C60973ABC5D6C4460EA271AF52
SHA1:	7334BCF924B9019110D8CEBAB4CDB23B12DFD1F8
SHA-256:	4D84E23FE70A32780E40064DE8FF98F2411EDE2644A7A78DB7D1C9F2661E3E09
SHA-512:	242DD56DBCB2CC91614EEBAD655EBC310E8558E1874151D8A4A3096D5AD893A185B1704E74929B104FED6D0305ADD85ECE3AD12B0CA3F38F0EA724ED92F1618D
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=72e41d94d80341bba5c42355bcca1452.IDENTIFIER=org.gnome.SettingsDaemon.Datetime.desktop.

/run/systemd/journal/streams/.#9:67393X9FugF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.389969458023847
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M8MufGSkM0jFmShmZBvn:qgFqdg7/+0+f+M8ag+9kZBvn
MD5:	CD97CCBCAF6D0D8330791F94844B731D
SHA1:	75C04C1498FEF436D68FF3BFDE8C252ACF9F10BC
SHA-256:	E95B3ECBFEA50A9BDE12987DA24B6F4ABAB9C9E32D595944E7EFC5BF865E3CBF
SHA-512:	B7FDDB2E6A8FF09F706300AFC3931B3AA99E820CCAD2545E8924D29A9D3F528BA290DB358ADB42BE56528AF0046B6D0AAF655D00BBC1117F85A6EEE0192938D3
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6106d25088b34681a8aadef696292b93.IDENTIFIER=org.gnome.SettingsDaemon.Datetime.desktop.

/run/systemd/journal/streams/.#9:67396ho2FuF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.394470089673012
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+Mv7uWTjFmShmwtvn:qgFqo6g7/+0+f+MjuWN9kwtvn
MD5:	3768B06FC568A5283E77B7EFB160F9B8
SHA1:	5A405E1A238D97EDD3B6B342C63A0117DE23B9EE
SHA-256:	7969216C741B15933F2464F9608B989D13D061D09FD77CC9EED666174AAD4E8B
SHA-512:	5DBE9064CCA8CD58E7DF6F8DE9B494F773E0964311136A29C28EFE1E1ACF6CC0A839348A93A7F1481853D67283F31A0AD61DB9F1FBFE391F3A5287DC07A4E791
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7e1ea42478d44b94bfe4e3a09a528080.IDENTIFIER=org.gnome.SettingsDaemon.MediaKeys.desktop.

/run/systemd/journal/streams/.#9:67397sPf07I

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.402690496338677
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M+gRLMEhMqjFmShmwtvn:qgFqdg7/+0+f+MzMcv9kwtvn
MD5:	240BA1B3400CBBC8F7E4105F0854D64F
SHA1:	F48F23E643A1413647717BCFD0D65191A1EED04A
SHA-256:	E7ABADD62EA4044206FAEA805D2719974F71488C8D1AA6C764E7135898D22ED7
SHA-512:	38BE691AD1E7205922B66EDEF9396358B7BD366EFAC0D9C4F854F152C59207BD86651F1BEE0344DD56A361F1AFC047DF7825E144F8F6865B1FD3A51CCC32C47A
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=475e27c440d44c90af7c55b503859dac.IDENTIFIER=org.gnome.SettingsDaemon.MediaKeys.desktop.

/run/systemd/journal/streams/.#9:67400VTTXaI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.456017340183688
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MoNoFeFrqjFmShmkiEovn:qgFqo6g7/+0+f+Mo+e29kVEovn
MD5:	2EA36867835CEEF211F01F3756845AD9
SHA1:	B129BAA0010C699AE5AF3DE9DCCE3AC25907DDA7
SHA-256:	C8F27247384612061A16DAE3DA0F93FC81896EF1D4A3A92436C3A022B5AF0944
SHA-512:	31A0C6C51329168FC21CAAF75740DCC93C4E0C9A567466EA3A9024000E7C3F863339AF01A8D3792DC6B0222C320AB9B0A2BB560739320C70F12FEA1C3EC55762
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b9195ff7b1374ad0b8e566311f0de8da.IDENTIFIER=org.gnome.SettingsDaemon.ScreensaverProxy.desktop.

/run/systemd/journal/streams/.#9:67401eyIISE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.460899654554309
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M8UQfeiCNTjFmShmkiEovn:qgFqdg7/+0+f+M8ZCNN9kVEovn
MD5:	0D60E0DCC7163E6D1E924698A3BBE441
SHA1:	A6A88762A850438BA5CB812FE09626A64FBA17FE
SHA-256:	32EAED068EFB4E464B371B085328D497C3BDFCDEB46E5845307E8E4EC9639960
SHA-512:	3DF0B2026A1B46CF3256FC6754DD8D6F2C3BC1047D0DA5839533F2AC79EF78C67CB0180AC657CBA22BCB0E47A05925E5C0B35A95F13DF37767FA66B98B0858CA
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6cf582d2f677428d92f1624de42ab5be.IDENTIFIER=org.gnome.SettingsDaemon.ScreensaverProxy.desktop.

/run/systemd/journal/streams/.#9:67404y4CCkH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.397685318692845
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M6WXnt0N/cYjFmShmpvn:qgFqo6g7/+0+f+MFWcS9kpvn
MD5:	DB809F5A17BC4B054CC928F073DD7B6A
SHA1:	037BB60C33601FB796F758194B8E9D433F30EC31
SHA-256:	315FA3969FDFD4E011FA3BAB9648E935272BC5DF39E1642D42B78074F8746C44
SHA-512:	D2CA12DC71739CEE8BEA3D5EDABD8B4F073E68383900D8F751CC9087E0CE8D0DFDCFFBF602CCF1F8AD7A58D581C02B865C1AC50416A1CA4341263302CE453B9B
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0292cebd24d74e7bb9900c8e8efdd43c.IDENTIFIER=org.gnome.SettingsDaemon.Sound.desktop.

/run/systemd/journal/streams/.#9:67405jNSTRE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.43751908109666
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M65mzcgE22jFmShmpvn:qgFqdg7/+0+f+Mhcvv9kpvn
MD5:	BDDD04C5FE51B3BC9251E2803A43D34A
SHA1:	9CFE5AFF66DEDB1833AEE29BB944B1B9DD51C289
SHA-256:	DB2431F7EA2FDD78E9EA5DE2D6B710B33DDDDC6F6C9B7FED90094BFF50975A7F
SHA-512:	97058D3A063DC3C61F8C3CE0A25E37B9A1CD0CC9EF60D95C85CCDBC41F88932DCEDE0EC7E4783732155CBB1978936C94B69A08FA92CEC0D4AD2A723224CFEF2C
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=06d2f66abcd44dc09a37282bf3856bd8.IDENTIFIER=org.gnome.SettingsDaemon.Sound.desktop.

/run/systemd/journal/streams/.#9:67426U1OkbH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.441503054235605
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M8MsU1XyjFmShmQmc0vn:qgFqo6g7/+0+f+M8M11Xw9kQmtvn
MD5:	5E56C7BDF81702E4BEAEEB3D312393EF
SHA1:	822B53EF446D44510DDF878574D00A596A0E771E
SHA-256:	EB9766BDE0587BC66FDF0851FC58286AF645CD2F456665317FD8D1F910C33E0B
SHA-512:	7AC2429394A6769ADF2D9526C2845936588921E13D5D77BF281EDCCAAD293F2FE29DC529C9D1F089334C129E48DD8715ED44938762DDA19CB20CA8BB1334330E
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6aca68d8389949719b7355f408eb8068.IDENTIFIER=org.gnome.SettingsDaemon.A11ySettings.desktop.

/run/systemd/journal/streams/.#9:67428w9IlqI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.403825000286957
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+MaWNAsDng2jFmShmQmc0vn:qgFqdg7/+0+f+MdNN9kQmtvn
MD5:	A3F4EBD271B023FC338AB41910C945A7
SHA1:	24873656569CE6D338055BC69E6B97B83B97F42D
SHA-256:	3BFE1F1D22BCD46413DA731F1CCAEA5484BB8507372C16FA0831E800D9DCCF1E
SHA-512:	1720DAA95CF12EBBD5D14C3BF6FD5808943A02D3CD8A93068C736AE0BE81107086F7187BB9BA203E6486236895D3729D74F74FE1BD3DF288844D48A92AA21BA5
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1911d328e62442029692d6133280372c.IDENTIFIER=org.gnome.SettingsDaemon.A11ySettings.desktop.

/run/systemd/journal/streams/.#9:67449UfPcGE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.455525833904734
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+M68BhTjFmShmx+0vn:qgFqo6g7/+0+f+Mvd9k40vn
MD5:	D320DD0C3243C2FBC7B5EEF67BF1821B
SHA1:	D2E00460960783C3527D690A49CA00F41AD120D5
SHA-256:	15AF981D0164A75D736D8084E6AB4F57B50643D60FAE0CD0E1771DBD7FCE3A1F
SHA-512:	5FFFD8458927D4DE4129B51AC5DC8F751205CC196F86A1DD948B9A9EADDF5F4C50E70F43C8A7283E8C8D934FC44921A0B48DE521C666AD2F8BC0DE7A68629DCF
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=03c21a689b1348bfb55bdb835cd8ed38.IDENTIFIER=org.gnome.SettingsDaemon.Housekeeping.desktop.

/run/systemd/journal/streams/.#9:674515qQrDH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.421250460265349
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+M+ELDiBDjFmShmx+0vn:qgFqdg7/+0+f+MXY99k40vn
MD5:	23969E886ABB61745E8FCE3E83A0218C
SHA1:	817050823120F0C8A2AFD20DA1E4A80233124B07
SHA-256:	2FC02393083E4B6C17F2CE4CAAE044B8EA7E61E7F441C3B981D31CEA6A63B6E5
SHA-512:	0220D731BF5AFD4847AD4A1BF17CCEF624BED294E2D0CC97FAB31C7135A569337801AF9CABB4FF92CA2B964268B7E489719C48D2A1194D9C437D3F4E9C67188B
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=407e8a45b3ee4f72954bf43c7b406bec.IDENTIFIER=org.gnome.SettingsDaemon.Housekeeping.desktop.

/run/systemd/journal/streams/.#9:67494hWnNXI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.384104622796484
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+MBh86E3jFmShm3vn:qgFqo6g7/+0+f+MBm9k3vn
MD5:	ABA0467872A55DCCAA1EAC5B70563440
SHA1:	42421CF5C28B82F03394997D41AAF84ABEFFFC44
SHA-256:	852241620CAFC863581D70320819D91175A17AF7ECCB66D311FF9227AEF272EB
SHA-512:	B15E35426B65FA2E160200924F173399EFA490794FA702CE979B14D4CF93AFFC416D7C6C3B9A673612011D5BD971F96623E09872F3800A2EC99F9442BB4A0D2A
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a14152b1f48e4791a0fea80f928da1ae.IDENTIFIER=org.gnome.SettingsDaemon.Power.desktop.

/run/systemd/journal/streams/.#9:67496P9hpjG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.453540840905417
Encrypted:	false
SSDEEP:	6:SbFuFyLVI6g7/+BG+f+MA/VZXj1jFmShm3vn:qgFqdg7/+0+f+MAtpX9k3vn
MD5:	3F85BD5D194A4E2B2E93A47A1CEA2166
SHA1:	4E4D4B5C48A23EA3FFE187EAB4449BF4B41B7032
SHA-256:	488F9C4BB3015F2DA3E9141E16FE5AE5F1A5B78BB11382F5AC594AC3ECC0F7EF
SHA-512:	6358B75899E62A9A601085357E8633E77BB653EEB4D5B0CF5E186C5194ABE101A64275E628E31AA8158D5E0FF6BDC642B5589865311DC05A1D5A3CCE16FC7B95
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=165bffc78a6548b7a2803487e97691aa.IDENTIFIER=org.gnome.SettingsDaemon.Power.desktop.

/run/systemd/journal/streams/.#9:67608X8v6aH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.458692508758587
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+MOaYDJJG5asZjZcH5CHq:qgFq6g10+f+MOa8JGIszmmq
MD5:	094D408AF8FB31FF861E234EFFB48B27
SHA1:	1EA9ACA1EF283456B00A7A20FAA4447B53F84407
SHA-256:	855840FF1696F3BB214CEA3008FA555C3EFE35EE2F081211BA9DD215A16E65B8
SHA-512:	F735E5E3512927EBC651EB9523B55638AA6531E22B4F6140672E8E41F89EC1E1655E8E19CCC2929BB9E270E461DCCD16F069203A47245FE23B3334FB10F303E5
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3113db589b984104b156c7ce9202e7e2.IDENTIFIER=systemd-localed.UNIT=systemd-localed.service.

/run/systemd/journal/streams/.#9:67738iAiGMG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	205
Entropy (8bit):	5.404787218803365
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm+HGAHywlW6FeRqjsf:SbFuFyLVIg1BG+f+M+HXSwlF4qjfGt
MD5:	1119EC3F9CD187BE94CAD9EA8BBD8AF4
SHA1:	02E6F78908636C58E283A05FE32D698C5CD074D2
SHA-256:	A18875B13DF68A46B955D9CAEE2FCC424D5BAFEE1348985293084CBF8592ED85
SHA-512:	82AFCB556A50EFE5791118B1F98D0A0485902D65718A8975313288731CB09C56D319CF45A932A6074CDD030D73E8CFC4A1DD5817F0A135D67F1247E2A326280F
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=432fecebfa55486690ee38b619ff35a9.IDENTIFIER=upowerd.UNIT=upower.service.

/run/systemd/journal/streams/.#9:67739bTBgjG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.336219200089491
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmvWQQODYXDBQEJVVtM:SbFuFyLVIg1BG+f+M+QVDoBQEJVVtdNE
MD5:	934310F233F952E27B38C130993B13B2
SHA1:	84046C217C09C6DCF8AF1CEE52BF26C9A3DF0957
SHA-256:	1C2C3ED3A49B59177230311C6CE3B7F858915CE6B8EE26425DC54F17DF3BEC62
SHA-512:	583431DA86ABE69AD556CE17FD9E20294EBBC9FBED4BDB21F6A885DCAF4A871DC215E70876B04EDB64AE25ACD54F5231A6872C9E1D9E524892E8F35CC09791DA
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e34e1332f76d45ebb72fd5af00011808.IDENTIFIER=pulseaudio.

/run/systemd/journal/streams/.#9:67979H5zDHE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.431619881105897
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+M8G9qT4CjNALQru+u:qgFq6g10+f+M8IOWr
MD5:	DD4DD8F9C450484F5C457C632A34CCA3
SHA1:	907CAD994B79040BF1A98BAA5D3ADF991CB6E4E7
SHA-256:	8754317AF5177706D76281945EB78C21D9D3A9DD1434A498B175B1CB6E8A8701
SHA-512:	FF05449F53CB1FC5E664B66AB4EA1A5FDB4563A1A869253C30238EF7E9F623D390ABC016B60F753E9380B8CC4A61B74834FBF2B7ECC4EF7482EB55661DE466D6
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6990cb8dcc3d43c8bcf224f1bd57b003.IDENTIFIER=geoclue.UNIT=geoclue.service.

/run/systemd/journal/streams/.#9:6798061RgWH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.421241406876854
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4A4zRcV+p54Bv8jsx:SbFuFyLVIg1BG+f+M4R+y4B0jNE
MD5:	FB630DC6AED84B36CB2E9F9234DCE785
SHA1:	4AD570B9CBF1A73468452DD2B7E9CA35CE0B92CF
SHA-256:	1DCF9970845BEC6668B3E3FC43A7C15D2F8AF878D3744E8CCD0E2724892DCE6C
SHA-512:	C11881BFF16E728C371757175FF3BFB43B65911776F2BCBD88C59A242C3CA0133C62D4BC53FFE3BC7F86A89EF65F840AEFCD2BC92F823C253171EEC360B3BEB9
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=2e500399c0c74906beb0f263ef6dff5d.IDENTIFIER=rtkit-daemon.UNIT=rtkit-daemon.service.

/run/systemd/journal/streams/.#9:69708NcxLwI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.407764234741144
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5sdcHkpu2jsicWmI0:SbFuFyLVIg1BG+f+MGdcEphjZcHdzqDq
MD5:	C28DA49E1C64601580BAB62AA81482C9
SHA1:	9EF3EB33E66C22B3430B05EA714404A73B4346BB
SHA-256:	2561B6446D6AEB64C95486515D5D32B6AF4312EA2181AAC211EACAC8C9809BD3
SHA-512:	69B9F0598AB1FFA5CFCFC24443EA615A478A22FF5086D324BD95E16ADFFB0F59895E045020FAF71DFF523E171D6BDB0EDBD33D78C410BFD8F80CA98DBEA3C717
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3dacc81255b841f1bba1fdeb0c4114a7.IDENTIFIER=systemd-hostnamed.UNIT=systemd-hostnamed.service.

/run/systemd/journal/streams/.#9:69786FUsrxF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.404892483881217
Encrypted:	false
SSDEEP:	6:SbFuFyLVIg1BG+f+MENcjvATjJKJMBNr+:qgFq6g10+f+ME2jv6K+NK
MD5:	51D51C793F1E596B2FF102E921B55FF1
SHA1:	7D7C5C5C2D32B813378FA54DE6F08E4CF9571222
SHA-256:	20C629E055474C1DF8DFE95AD83FF3D4D5A08DD86184162073D9F4C55790F2A9
SHA-512:	DE3853201447CAC2C5B5B7D2F5330F14D74C772C79EC5B6B4228CF0FD3B0ED52B15ABEA6C7C59EB9AE446BC4AE15F8BDC7DAF8AC9B41FDB2E6F7D6B1CB06CA32
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c52a5eb15814467caf7783b860d17e79.IDENTIFIER=colord.UNIT=colord.service.

/run/systemd/journal/streams/.#9:69802AWuDaI

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.376482762483121
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm9uTacyVQtg2js3MCZ:SbFuFyLVIg1BG+f+MEy+g2jXjK
MD5:	B2BC8A9F34260A311C5ED23F6253143E
SHA1:	67AFABE55179188DDDA87B532E382AC2276898F4
SHA-256:	D8DFF5A42989DC0A672623DDD22730860580E739365D9160EBE8A6A0FFBA5874
SHA-512:	F86F44D369C4713A5B6EFBF0A27DEE2267CD18E6388CFEF8B62AD062D887A905A4665D865422862CFEEEEEA4C10C36827EE19404F04A319FE16D211DF5E11C07
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7cadc1afee6e4e4bb9697d0580f92a65.IDENTIFIER=fprintd.UNIT=fprintd.service.

/run/systemd/journal/streams/.#9:69906WA9mrG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	198
Entropy (8bit):	5.337444686328216
Encrypted:	false
SSDEEP:	6:SbFuFyLVK6g7/+BG+f+Mo1eaFShZjZarvn:qgFqo6g7/+0+f+Mo1ek2zarvn
MD5:	B5F578FC6AEA0BF2967ABFC79352F02A
SHA1:	66FA6863DC4DD3A5E953712BD1930FB14611D285
SHA-256:	0CA234670953DBBD8936C14341D2D20F9D65EEE90C37DFE250778B8989FF66AA
SHA-512:	18BD0C855247EE385AC409BC3B9D98954EA28E937ECCB7F922EE599BC928FB9C31564ACDC588F3CD0320E6AF6BAB33E25A5322F999C63F96F0236E92B342A633
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b4de0e1bbd7240208760fd9aa2ebeb7c.IDENTIFIER=spice-vdagent.desktop.

/run/systemd/journal/streams/.#9:69907TtjCtG

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	198
Entropy (8bit):	5.357858039762391
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm6TBMko3MxsjsiVq:SbFuFyLVI6g7/+BG+f+M6VMdjZarvn
MD5:	A4003DBABAB6EE348CECA4B5A36083E3
SHA1:	A3EEA9CE709D0558EC5831989403D8CED0011428
SHA-256:	F83053C6B0C5B794033B48D128E02281C015ADB482C243192D0F81F597973ED3
SHA-512:	1E63008DE022595EDF944BC2374873E0405C81734E5669C8C8A34BBE1DDDA7522CAA08F4D2E1223940C690AAEC0CDC93897F9B35B535A1C3BA8C5D0CD79812A6
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0314864ad9f64ebaa33a0fadc4c84d72.IDENTIFIER=spice-vdagent.desktop.

/run/systemd/journal/streams/.#9:70061iH9lEH

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.389438625580669
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmz1K6Id6I9RqjsjODc:SbFuFyLVIg1BG+f+M5K6IUbjhD1DTu
MD5:	9FD9DBB6CAFBD3350DB13152F22BC3B8
SHA1:	7532C099AE9FA7A2DF78785638C1D42FD6379767
SHA-256:	890CC6FC9A17FE3CEF542A88E026CF49BABE9A5D32FDE527347F29F90FF40AB3
SHA-512:	1F3C650CF897B804CEFCCF5C8834E307B432C2109DC8EB5D7AEA078670650A06D70F71DF2E215D218640E113EC2FF0FA835643E0B7E6AE01D0B779DE325CC226
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9f95a9e3dfd2492d8f10168df74caaf4.IDENTIFIER=ModemManager.UNIT=ModemManager.service.

/run/systemd/journal/streams/.#9:70110YkIn7E

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	189
Entropy (8bit):	5.375510543500971
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4cfnvHMglsjs1Han:SbFuFyLVIg1BG+f+M4IMg2joa
MD5:	0D0EBBFD2BD9CD828C51754B29D5BAEB
SHA1:	DC46A111D31D538E1C16AEA16AE8A97219DDE69F
SHA-256:	8AECAADB49CB43C53E749909113656070D867021472F48C17374A2CA452293EC
SHA-512:	84A43302FE8002C2206E7ED9C269994057CA5D00B493B423AAB1B1650F9777DD2341AE87A908DC65E6AC7F39ABBEF2EB0A83F9AB15C44E1515BC1787C6486961
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=23148fb539f044058e1e22b9f8eb64db.IDENTIFIER=dbus-daemon.

/run/systemd/journal/streams/.#9:70111xDrTjF

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.380454974581065
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm7NrVT6R9dQemjvshF:SbFuFyLVIg1BG+f+M9IPdTmYjtWL0
MD5:	6A6A9A0C4555057C7829171C766E65D6
SHA1:	8726055C959E38FF2D3C350653B8EA5F87B60AB7
SHA-256:	FE54C9AE29F20FA2C7837DB7216C37D59A4544D95F97CA18A899CDC510D2C598
SHA-512:	C8266827E1EBAC21E5E71674DC7D0944D75D357F5FA3260840BDE3D3CE60EB26C121AE853AA03C372C70714A98D938E7FBC141255DBC09D76C0E1C0186B06422
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=128f8806166b47e48f54c1c5b74efbc1.IDENTIFIER=pulseaudio.

/run/systemd/journal/streams/.#9:70132drRQXE

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	192
Entropy (8bit):	5.4103901676728166
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm7xnKyTGQpSRU8s2:SbFuFyLVK6g7/+BG+f+MxNGISy9j022v
MD5:	2868D5AFF88B578C83E669CC77B86F93
SHA1:	95CFD732DFA6EE488C98AECC5DB7F61D4B83D5E9
SHA-256:	26FFDA35738E4F3B18A09CA351339917133EB3343CA24A9713F5A1478892E742
SHA-512:	736DFDFBDBBBEF4790E0E1FB37439846C71D156380D2A3C42FDA239618D55C34C0D7AB36A087C5F650FB7F2841EE723E2085D940226BC7EEB937602D6A6B90EF
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=1572f89316d1484984a5d45f2874116b.IDENTIFIER=xbrlapi.desktop.

/run/systemd/journal/streams/.#9:70133tS1y3I

Download File

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	192
Entropy (8bit):	5.3908518868159785
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmsGaAniHQWVEkHMR:SbFuFyLVI6g7/+BG+f+MsHCiHQWBHZjq
MD5:	981D60C2B1FFFE7C6F8066ACB0BFE32A
SHA1:	87B84D02A36B51AF13C48259EB509E887A87B805
SHA-256:	BEF65B06CC2073652A571F27AF93D8C51D5E824FC9DA08B913E23D38573FC88F
SHA-512:	033DB47A602FF97E4D5BF3FB511149619E4B68540C5E0B105B910260DAA93FA9937006FD028EF8875C1A467956428148BB0E0CA61FCB64A411B8E8557B71DA3D
Malicious:	false
Preview:	# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=fc60c2e21018470fb53234cd828cedcb.IDENTIFIER=xbrlapi.desktop.

/run/systemd/seats/.#seat05fbkJT

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.960504169374753
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+8G88mNvt2KwshcXSv:SbFuFyLwH47Pg20ggW8Gc12rNXc
MD5:	0EDD8049A9E5176912C3C2CBE234DFDB
SHA1:	616927BAAF2CF712B1D1F7F3A8F0507CAA5EAC6C
SHA-256:	434739B0976400CCB6A6302EF461A199F0A5D77E2AF9920D50DE2D799F07E9D6
SHA-512:	171A582F760BF8F9E23DB8ED7EDCE5D88B3B6532E1A46ECB3200291F480682EC5ABAA3B4464E639410A9098CD9AA464EDF6D92CEA0D625C40AACF65FED79E3D4
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.ACTIVE=c1.ACTIVE_UID=127.SESSIONS=c1.UIDS=127.

/run/systemd/seats/.#seat0GmdeZT

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.957035419463244
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
MD5:	66D114877B3B4DB3BDD8A3AD4F5E7421
SHA1:	62E0CB0F51E0E3F97BE251CB917968DFF69ED344
SHA-256:	A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
SHA-512:	5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.

/run/systemd/seats/.#seat0MtUH9z

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.921230646592726
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
MD5:	BE58CCABC942125F5E27AF6EB1BA2F88
SHA1:	07C20F55E36EE48869B223B8FC4DBC227C7353AC
SHA-256:	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
SHA-512:	E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.

/run/systemd/seats/.#seat0NU8aCW

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.960504169374753
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+8G88mNvt2KwshcXSv:SbFuFyLwH47Pg20ggW8Gc12rNXc
MD5:	0EDD8049A9E5176912C3C2CBE234DFDB
SHA1:	616927BAAF2CF712B1D1F7F3A8F0507CAA5EAC6C
SHA-256:	434739B0976400CCB6A6302EF461A199F0A5D77E2AF9920D50DE2D799F07E9D6
SHA-512:	171A582F760BF8F9E23DB8ED7EDCE5D88B3B6532E1A46ECB3200291F480682EC5ABAA3B4464E639410A9098CD9AA464EDF6D92CEA0D625C40AACF65FED79E3D4
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.ACTIVE=c1.ACTIVE_UID=127.SESSIONS=c1.UIDS=127.

/run/systemd/seats/.#seat0OWOQ3V

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.974985332353238
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+8G/aQvt2ze5XSv:SbFuFyLwH47Pg20ggW8Od12z0Xc
MD5:	638FD4D562360E2AE0FE6842F6853400
SHA1:	CBDEA5AA977FAB4C2DA4C6947CFECFD4B641A644
SHA-256:	565DDE081A5672324151D2EFF5E529ACF29FA96FFCAB42C24FE8A246E929364A
SHA-512:	07CD1D41240B27E815AF85BBF6195001A672FEFA70DBF3B89AD5A128E850BA740DEEE3EA8A77A5ABFBC5ECD86F3EAFD40B5512348C1161265C90EE858DD51F86
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.ACTIVE=c2.ACTIVE_UID=127.SESSIONS=c2.UIDS=127.

/run/systemd/seats/.#seat0UuhBRX

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.957035419463244
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
MD5:	66D114877B3B4DB3BDD8A3AD4F5E7421
SHA1:	62E0CB0F51E0E3F97BE251CB917968DFF69ED344
SHA-256:	A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
SHA-512:	5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.

/run/systemd/seats/.#seat0nLvTmV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.974985332353238
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+8G/aQvt2ze5XSv:SbFuFyLwH47Pg20ggW8Od12z0Xc
MD5:	638FD4D562360E2AE0FE6842F6853400
SHA1:	CBDEA5AA977FAB4C2DA4C6947CFECFD4B641A644
SHA-256:	565DDE081A5672324151D2EFF5E529ACF29FA96FFCAB42C24FE8A246E929364A
SHA-512:	07CD1D41240B27E815AF85BBF6195001A672FEFA70DBF3B89AD5A128E850BA740DEEE3EA8A77A5ABFBC5ECD86F3EAFD40B5512348C1161265C90EE858DD51F86
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.ACTIVE=c2.ACTIVE_UID=127.SESSIONS=c2.UIDS=127.

/run/systemd/seats/.#seat0xedaTU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.921230646592726
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
MD5:	BE58CCABC942125F5E27AF6EB1BA2F88
SHA1:	07C20F55E36EE48869B223B8FC4DBC227C7353AC
SHA-256:	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
SHA-512:	E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.

/run/systemd/sessions/.#c1IbjgUW

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.427211428346373
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNdUKBhcIGjwn9xfx2xNIByy6GB+jgDc7ocn:qgFqPuFN6IG0n99x2xayWQgDczn
MD5:	F3DF3D82E88CF2886F9A6A212B549C79
SHA1:	0DDCA30CEFEFED5D94E115E9BD27373FE827D43C
SHA-256:	C433622F456D75FF28190F82E1248BA5D59B25D202C479B2F0DEC0AACA29D3A8
SHA-512:	B841F83A514FD5453694C2FB9CDA37AD6811B654F293330FA4A3E62FCB740F59E52BAD277CFD62B9D0547B649030C41A5CFEA019E47DD037C48687517B528766
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=wayland.CLASS=greeter.SCOPE=session-c1.scope.FIFO=/run/systemd/sessions/c1.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6122.REALTIME=1736209446458152.MONOTONIC=199117347.

/run/systemd/sessions/.#c1MPza4T

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.488828912376954
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdVuRmUKBhcIS3xffbcxfx2xNIByy6GB+jgDc7ocn:qgFqPuFVuRZI4Bzc9x2xayWQgDczn
MD5:	3BE9FB6ED7A320900B5CC5604C7C26B2
SHA1:	C43A8E3A44526DE119616261000058A3BAFA936A
SHA-256:	EF4764A126E91B8F9D0A1172A6A23B222408E238ED494FDDE704FFEB595BB4E0
SHA-512:	0DCE95B019AAA0E4F68791F8AF955F9917B3C26FE34F1F8778267C69888228CB216B21AE3C2850DBC424827BC85BE9A953FA5E8AEBD382145FE909ACE6718A7D
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=opening.REMOTE=0.TYPE=wayland.CLASS=greeter.SCOPE=session-c1.scope.SCOPE_JOB=/org/freedesktop/systemd1/job/8404.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6122.REALTIME=1736209446458152.MONOTONIC=199117347.

/run/systemd/sessions/.#c1RiBl4W

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.438309569388573
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNdUKBhcIGjwn9xfx2xNIByy6GB+jgDc7ocpon:qgFqPuFN6IG0n99x2xayWQgDczG
MD5:	B402302DD93B39197197D5F8882124D5
SHA1:	6D7517FC6674CDC86F3AAFEE81B723475655973A
SHA-256:	9C12204846B17424A1FE01E77288EC139600558AF9792D52D827D0A7F0D2ABC0
SHA-512:	F1FD03D9D6A80302FA9763313D76E2DB57E0A56573960C8488B69C964FE27284E08DBED9BC2F07EAC35748F9DAA1EA88C2559471FBA2CD823289EEF6FE3BE1EF
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=wayland.CLASS=greeter.SCOPE=session-c1.scope.FIFO=/run/systemd/sessions/c1.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6122.REALTIME=1736209446458152.MONOTONIC=199117347.CONTROLLER=:1.9.

/run/systemd/sessions/.#c1WkmD2W

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.427211428346373
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNdUKBhcIGjwn9xfx2xNIByy6GB+jgDc7ocn:qgFqPuFN6IG0n99x2xayWQgDczn
MD5:	F3DF3D82E88CF2886F9A6A212B549C79
SHA1:	0DDCA30CEFEFED5D94E115E9BD27373FE827D43C
SHA-256:	C433622F456D75FF28190F82E1248BA5D59B25D202C479B2F0DEC0AACA29D3A8
SHA-512:	B841F83A514FD5453694C2FB9CDA37AD6811B654F293330FA4A3E62FCB740F59E52BAD277CFD62B9D0547B649030C41A5CFEA019E47DD037C48687517B528766
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=wayland.CLASS=greeter.SCOPE=session-c1.scope.FIFO=/run/systemd/sessions/c1.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6122.REALTIME=1736209446458152.MONOTONIC=199117347.

/run/systemd/sessions/.#c1c6aFKT

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	288
Entropy (8bit):	5.385387312415387
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPddL32UKBhcIixfx2xNIByy6GB+jgDc7ocn:qgFqPuFdDJIi9x2xayWQgDczn
MD5:	BBDB633E30451D6950097131281D2357
SHA1:	E9C699605DEE4E94F7547FE21E642B567027087E
SHA-256:	44513A00DFF1947B6FCA86654986487F8BBC73E9C17A82CFA988DEAE7F46E2BD
SHA-512:	88BB0F9F7265DBA4928BB8061D40DB86533283CB3511165AADDF8875BA38B5499AF841413517AE477518AA73F084CC249FD34FF98FA6E33BD0129CFB9A37F085
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=closing.REMOTE=0.TYPE=wayland.CLASS=greeter.SCOPE=session-c1.scope.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6122.REALTIME=1736209446458152.MONOTONIC=199117347.

/run/systemd/sessions/.#c1iFJTFW

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.427211428346373
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNdUKBhcIGjwn9xfx2xNIByy6GB+jgDc7ocn:qgFqPuFN6IG0n99x2xayWQgDczn
MD5:	F3DF3D82E88CF2886F9A6A212B549C79
SHA1:	0DDCA30CEFEFED5D94E115E9BD27373FE827D43C
SHA-256:	C433622F456D75FF28190F82E1248BA5D59B25D202C479B2F0DEC0AACA29D3A8
SHA-512:	B841F83A514FD5453694C2FB9CDA37AD6811B654F293330FA4A3E62FCB740F59E52BAD277CFD62B9D0547B649030C41A5CFEA019E47DD037C48687517B528766
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=wayland.CLASS=greeter.SCOPE=session-c1.scope.FIFO=/run/systemd/sessions/c1.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6122.REALTIME=1736209446458152.MONOTONIC=199117347.

/run/systemd/sessions/.#c20iX0EU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.429572115059906
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQa:qgFqPuFNuCH0nI9x2xayWkTgDPMa
MD5:	E465197C755BE79E2585F8956A8E9AE8
SHA1:	196BD80B87E06273A67B4ED2444C7AE1855C21E4
SHA-256:	959E60208B43F925E1E4FBA974F4938DF44726323005B5D3C1D6C1B37232C01E
SHA-512:	9DFC671080EB24F2A649A4DA68B4E88A0E9D0F1B9437370CE80097151A528BE24EB604D56090C93E28D1D2A46184873A17458FEA532DF3CA5B8AA7B4C8DADC55
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.

/run/systemd/sessions/.#c2D9KviY

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	367
Entropy (8bit):	5.454016009182429
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQA8iFn:qgFqPuFNuCH0nI9x2xayWkTgDPMA8iFn
MD5:	0C6E2022001F47AA71EC25D01B567C27
SHA1:	63C58F7BF35A598BC8D55D1FDE708BA2823DEE17
SHA-256:	98336E4578F1279138CCB519BECE488382B7852946F9785815CE8B58E23B1C00
SHA-512:	FB3DFF14322A52DC36EA85681E9FA1A633901B81FD1C09D5EC3320D8E7AC7212ECF4C1E4E3325E59CD405C92CB33A6EB5118A40843367790BEDABFB5F73BC48F
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.CONTROLLER=:1.13.DEVICES=13:64 13:67 13:65 13:66 .

/run/systemd/sessions/.#c2DNitVV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	349
Entropy (8bit):	5.443524172891456
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQA8i:qgFqPuFNuCH0nI9x2xayWkTgDPMA8i
MD5:	99876730888AD971172BF90AF77CA138
SHA1:	35A6A8F242640FCD89BA2A60DD82FAF0E4220381
SHA-256:	931DEEC7033B4C88E61E0024BD4A42D760CDC117C46CBF1BA6AE5DE68C571C84
SHA-512:	C8E522A37B12D9163BB2CE9CFE9DCBB010F53FA7ED6D85213C72BEE30DC868D21C0107194D2E787D6750FC79205CF766B4D0DD74E49BF8E691AB1E739922C6EC
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.CONTROLLER=:1.13.DEVICES=13:64 .

/run/systemd/sessions/.#c2Ld5ZvW

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	361
Entropy (8bit):	5.456051861542475
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQA8wn:qgFqPuFNuCH0nI9x2xayWkTgDPMA8w
MD5:	660D38C005ABD8710ADF0DEA8FB83B54
SHA1:	B52AC0E55E606F923B3484B284231AD999D7BBE0
SHA-256:	0E2D5C4B0A5012F5C3F00BA9AC146BDBBFEB30B5B9D1ACAA53F2003DA1F633B8
SHA-512:	CD3DD1E516E219D25492074DF83E43EB000B210B664BFFF9D04D1F6735C0972E86D20E8E38ECE602D12E07A33DF8C36362058C4F1F05A7204F346C11BE5E4146
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.CONTROLLER=:1.13.DEVICES=13:64 13:67 13:65 .

/run/systemd/sessions/.#c2UrlunW

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.439187471892393
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQA3:qgFqPuFNuCH0nI9x2xayWkTgDPMA3
MD5:	F2DBB78D140B4607EB49BDAD88DFEC90
SHA1:	D448006F4A29DECE88038E13D9323C873FF3703B
SHA-256:	8F4321B87FEDFFF3BAECF4E56187C3069066510ED33EC5195A590DACF62BCBD5
SHA-512:	00B4E79428DC95AA2BD324B080B746588F1E3717BB147923F696D1F8DFE78D6D277DE2D75F9E40F70F65E7C392A48DE380CE819F04D1E0977A47E8798FED1747
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.CONTROLLER=:1.13.

/run/systemd/sessions/.#c2aZmXGU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.490073912837566
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdVuRQ/hc/Kf3xffM4Hxfx2xNIByy6GB6ZTgDWsDQa:qgFqPuFVuRpCvBT9x2xayWkTgDPMa
MD5:	8E7952B493DA3D7011C420B8842D49BB
SHA1:	D4C6D0D36D24EF8CBB69088BAC3512D89A0437E9
SHA-256:	201AA81E47C2FAA7B32CA43524105355C00941ACD2588E2CE4257EAED609B4B3
SHA-512:	C0F5E06C08D6305D67FABB20CDE9D3BE19E314B85815D641B0AB090304A4A83963025741B1C9AE54C5E1DAE75457474B004A929C692C73295844E31593F71647
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=opening.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.SCOPE_JOB=/org/freedesktop/systemd1/job/8467.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.

/run/systemd/sessions/.#c2oyj4QV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	355
Entropy (8bit):	5.451344686872356
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQA8nn:qgFqPuFNuCH0nI9x2xayWkTgDPMA8n
MD5:	8B932DDA01A3984B7B2638FBF785ED0B
SHA1:	4C7ADBF579ABC6F5302551D1C6C49E06CB35B721
SHA-256:	77C03AB155F3CB149E7EAD71CEA7B261120ED126747866833D1B45B97F793FF4
SHA-512:	FA18B726FFDF2E7EB419EA613381832385290CAD4A30DA052C2B1211121434318D996C6AD4E6566E18F174CF38FB13249B40C090B9075177EBD0A4749F2EC275
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.CONTROLLER=:1.13.DEVICES=13:64 13:65 .

/run/systemd/sessions/.#c2zc2NTV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.429572115059906
Encrypted:	false
SSDEEP:	6:SbFuFyLPCOcPdNH/hc/KHjwnsDxfx2xNIByy6GB6ZTgDWsDQa:qgFqPuFNuCH0nI9x2xayWkTgDPMa
MD5:	E465197C755BE79E2585F8956A8E9AE8
SHA1:	196BD80B87E06273A67B4ED2444C7AE1855C21E4
SHA-256:	959E60208B43F925E1E4FBA974F4938DF44726323005B5D3C1D6C1B37232C01E
SHA-512:	9DFC671080EB24F2A649A4DA68B4E88A0E9D0F1B9437370CE80097151A528BE24EB604D56090C93E28D1D2A46184873A17458FEA532DF3CA5B8AA7B4C8DADC55
Malicious:	false
Preview:	# This is private data. Do not parse..UID=127.USER=gdm.ACTIVE=1.IS_DISPLAY=1.STATE=active.REMOTE=0.TYPE=x11.CLASS=greeter.SCOPE=session-c2.scope.FIFO=/run/systemd/sessions/c2.ref.SEAT=seat0.TTY=tty1.TTY_VALIDITY=from-pam.SERVICE=gdm-launch-environment.VTNR=1.LEADER=6160.REALTIME=1736209453578965.MONOTONIC=206238160.

/run/systemd/users/.#1271MJ02X

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	240
Entropy (8bit):	5.129100215498272
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgL4q1c7iesnAiRJgD8/gAG2z5c2zw02zb2owB:qgFq30z1cL/iRJgD8/z5HzwPzbA
MD5:	2048350CF7987F68C04FC71339D9776B
SHA1:	F1A9815E7F459FE2531CFAC550C699B2D4C854B3
SHA-256:	98331A01EEC3188712470E65CC70670C4FE687A2D73BC2B45D70E1A5D7AA6F3A
SHA-512:	AA5F917D6AFD150153F3108ADC0F87F52512369A794FA74FA316C181DCB4DEFCB2037DC6EDE22FCD2A3609F193AAECC1B4C82CEA59181EB27D6F63786D9DB6A7
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=online.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c2.SEATS=seat0.ACTIVE_SESSIONS=c2.ONLINE_SESSIONS=c2.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/systemd/users/.#1272TpeWX

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	238
Entropy (8bit):	5.138486118422102
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgdL87iesnAiyaSfgD8/gAG2thQc2pb02nmD2p9rwC:qgFq30dAL/ixegD8/thQHtPnmDq9x
MD5:	65DA876E9E7FB4CD8C0E039FF1513075
SHA1:	27F9C64FDB7DE94AB54306C5580BDFFF0DB6738F
SHA-256:	39BA4CB1F3C11C49801850C443A4CF588A4379CB4374226048B897E069A139D9
SHA-512:	AE1A45312CF10E3427788332C2EB0D4CC4C4217C7D464E3B8B7D99AFEC9CCFEC9F535ACBBE8F71F5FFEEF8CED3F69688D35143E39544A517C159A088B9DAC821
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c1.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=.ACTIVE_SEATS=.ONLINE_SEATS=.

/run/systemd/users/.#127DsGOTU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	251
Entropy (8bit):	5.14788392717979
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgL4q1c7iesnAiyaSfgD8/gAG2thQc2x9sS02/g2owB:qgFq30z1cL/ixegD8/thQHxbPYA
MD5:	12C1800A129DA2377DB4AB7BE7C2110E
SHA1:	D89CB227BE5BE6DA9DF3CCDA0DB3B53D00BB32B5
SHA-256:	983380AAD0F28E17E68E1832F9DDA5B8906C69E11213EAED08003BC9BE4BF694
SHA-512:	258607C4103200E5E9A86A5BD21954C269F7FB88164DE9E07D30D10B40BD298DEC0274CCF1163339F29FC4C38247E4CA99A34FE6772228650061A7009318BAC4
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=online.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c1.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=c1.ONLINE_SESSIONS=c1.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/systemd/users/.#127PJk1HU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	251
Entropy (8bit):	5.136343700278435
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgNz7iesnAiyaSaTgD8/gAG2z5c2zw02zb2owB:qgFq30NzL/ixxTgD8/z5HzwPzbA
MD5:	A192A28A97CC24F14EE56BACE44C8E86
SHA1:	035C45D314EB9E88A985C49635EC546697BF15CD
SHA-256:	A6793E58C9A6F693F4FCC550DD064B3B0070FEF9E29E50A4C796652EEF7583C2
SHA-512:	069C58092ACB04835C6EEDA2E61B004983E2514F3E3A7445A464437935124D120999770BF357EBDF2C9DFE34F2CEA2F14F8C064CB0D1D42460A1783D82943AC9
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=active.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c2.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c2.SEATS=seat0.ACTIVE_SESSIONS=c2.ONLINE_SESSIONS=c2.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/systemd/users/.#127QKzkVU

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	251
Entropy (8bit):	5.152279955258516
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgL4q1c7iesnAiyaSaTgD8/gAG2z5c2zw02zb2owB:qgFq30z1cL/ixxTgD8/z5HzwPzbA
MD5:	4345B15D9036E0A8D7B03BE6628BEF24
SHA1:	8E3E64D1EC58609E56D095FD5F04C35D6B9C9EC7
SHA-256:	E9007ACAB422065F5AB323B0C750C06D684B9D17D18AE5138667E84E7085C32D
SHA-512:	439CF64ADC632717E6DBE44C3693961F293923B8EAADBCA0E7421B87B55D4A1CA5DD143A0A240A84530CC35C5F7CDE3079A1ADE9730BDF23178679BFC9A1B6BA
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=online.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c2.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c2.SEATS=seat0.ACTIVE_SESSIONS=c2.ONLINE_SESSIONS=c2.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/systemd/users/.#127cCvMoW

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.928997328913428
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMs5BuSgVuMI2sKiYiesnAv/XS12K2hwEY8mTQ2pJi22sQ2KkmD2pi:SbFuFyL3BVgVuR257iesnAi12thQc2p4
MD5:	065A3AD1A34A9903F536410ECA748105
SHA1:	21CD684DF60D569FA96EEEB66A0819EAC1B2B1A4
SHA-256:	E80554BF0FF4E32C61D4FA3054F8EFB27A26F1C37C91AE4EA94445C400693941
SHA-512:	DB3C42E893640BAEE9F0001BDE6E93ED40CC33198AC2B47328F577D3C71E2C2E986AAAFEF5BD8ADBC639B5C24ADF715D87034AE24B697331FF6FEC5962630064
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

/run/systemd/users/.#127fdPkGX

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.313699994938474
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgVuR257iesnAir/0IxffkYfgD8/gAG2thQc2x9sS02/g2owB:qgFq30VuR8L/ibBDgD8/thQHxbPYA
MD5:	E7F4E04B39D9A3C533EBCA7178D63993
SHA1:	219EBB966F788F97E1F08825E2EC4219B7D548AE
SHA-256:	EFF728585D2C83099CB076A441F7F93C109650D53694D13225357CDB67DDD789
SHA-512:	6B247067C0B9A8B4C9913A240F1A771822FEB982420C23CFF08A82527FC3575AE38566DA17A2CC15C09C1D616A812A9CFABC31BC7DFE544E7A3BCACCC0546271
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/8342.DISPLAY=c1.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=c1.ONLINE_SESSIONS=c1.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/systemd/users/.#127i6waaX

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	245
Entropy (8bit):	5.150699110882269
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgdL87iesnAiyaSfgD8/gAG2thQc2x9sS02nmD2owC:qgFq30dAL/ixegD8/thQHxbPnmDd
MD5:	73F39AC5B625F471B673B2C3DAD69D87
SHA1:	A2A60BDDB80B32B1EF00345A22CD00D6E7E58060
SHA-256:	6CFD935DFA5608745FCBED3A140F35E3BF468663EBF11F4A96A632B88F3ECCC2
SHA-512:	868D149C64306FB9D37725C5482F4BE02DCCEC9C541E254568E98F99DE27B1B24FDAF2E4DBD8C1FD84E70D4FA119150044EE42D5FA8A59D92C3E2AFCF89EBAB6
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c1.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=c1.ONLINE_SESSIONS=.ACTIVE_SEATS=seat0.ONLINE_SEATS=.

/run/systemd/users/.#127qOOfcV

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	251
Entropy (8bit):	5.1319476721997095
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgNz7iesnAiyaSfgD8/gAG2thQc2x9sS02/g2owB:qgFq30NzL/ixegD8/thQHxbPYA
MD5:	4DCD1CF690CE822000AD942EF1902DD3
SHA1:	FA846AF824491066E98A10984C63923BD9B3A218
SHA-256:	327611CF09C2F386261EE9DE84E79D0514F3580E0C7D89B504375F93C2C523DA
SHA-512:	A8617D436A4B6F6D1CFA54DD27F6A7C492DA2057CF619A7EE38631E7183783AB2FE059EE849D488847D08784FBCC6E54ED376AC1BF4E67D848295D0FF6EA637B
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=active.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c1.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=c1.ONLINE_SESSIONS=c1.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/systemd/users/.#127sLSS5T

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	238
Entropy (8bit):	5.138486118422102
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgdL87iesnAiyaSfgD8/gAG2thQc2pb02nmD2p9rwC:qgFq30dAL/ixegD8/thQHtPnmDq9x
MD5:	65DA876E9E7FB4CD8C0E039FF1513075
SHA1:	27F9C64FDB7DE94AB54306C5580BDFFF0DB6738F
SHA-256:	39BA4CB1F3C11C49801850C443A4CF588A4379CB4374226048B897E069A139D9
SHA-512:	AE1A45312CF10E3427788332C2EB0D4CC4C4217C7D464E3B8B7D99AFEC9CCFEC9F535ACBBE8F71F5FFEEF8CED3F69688D35143E39544A517C159A088B9DAC821
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.DISPLAY=c1.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=.ACTIVE_SEATS=.ONLINE_SEATS=.

/run/systemd/users/.#127uyXbPT

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	281
Entropy (8bit):	5.290426175622522
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgVuR257iesnAir/0IxffegD8/gAG2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBWgD8/thQHtPYq9M
MD5:	83422C18498BBA3DFD6C7F6A8B84EFF3
SHA1:	C04ACAFC20486694D3F5406671177D0B79D0820F
SHA-256:	7956FB9B23109CBBBD98FD54CEE59E7E14B84AFFD967920A52FE49354A9ECFF8
SHA-512:	35CF43A09F97CA73D91101948BCA6FC1F70C56B5DCBF179BA772EF42E8CA563462208ECAB5148498D2930FD5C4450E51D964DFE4FCF34AB804A4D8ADC1E419F6
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/8342.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.

/run/systemd/users/.#127yM2R9T

Download File

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	288
Entropy (8bit):	5.293453470478108
Encrypted:	false
SSDEEP:	6:SbFuFyL3BVgVuR257iesnAir/0IxffegD8/gAG2thQc2x9sS02/g2owB:qgFq30VuR8L/ibBWgD8/thQHxbPYA
MD5:	6690A9DFD63BF5723C8DB3495BDF42F5
SHA1:	7C5B4B20E03D45A258FC9E560AC86001063D4092
SHA-256:	9134AE95038C2B11BE9C753627EFB877AF16496D5A12ADB6F703DC0004C8A32D
SHA-512:	45578A49F8B023857F1939E2390FCF7D862B31F8FD47F97E24D6CEFE6535B9A8FBD6F4E0C047B76B6EF23B74DF793E25BF56846569042988C78A8B85D745B6A1
Malicious:	false
Preview:	# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/8342.REALTIME=1736209446443709.MONOTONIC=199102904.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=c1.ONLINE_SESSIONS=c1.ACTIVE_SEATS=seat0.ONLINE_SEATS=seat0.

/run/user/1000/pulse/pid

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:JF:L
MD5:	651346E56DCD5C5BBE67937B42D6163E
SHA1:	3AAD8B087B9B8EA1356EFAE91D464F4CBBD1F10E
SHA-256:	032024734F0BA053E4D4A75B874EA44C8DB860B1C9C827B59D71F217DEE17EBB
SHA-512:	58C646BA38B0E3A7E4EB09EEADA955BC94C02D786E630B6E1B8573890D38BBF50DC7556A05E9EF7D259EAF0A57E1EF41BBDC99E2BA6AA1D37350BD390F92E645
Malicious:	false
Preview:	6990.

/run/user/127/ICEauthority

Download File

Process:	/usr/libexec/gnome-session-binary
File Type:	TTComp archive data, binary, 1K dictionary
Category:	dropped
Size (bytes):	1304
Entropy (8bit):	6.019766135831049
Encrypted:	false
SSDEEP:	12:OxPSRlBOveY+SblxP5+FveY+5+AgxP1e/qOveY+1e5exPcYGwoveY+cYyOOveY+I:z/IV31qeYvq7fgdON
MD5:	D8DE7BC28BC30E10E187217EB81FE79E
SHA1:	9F9A4A690D2AE1016CB2B737E6D5975F4A704478
SHA-256:	B9B50A2A5216441C754DA4DB4BC7B77B66E588C0C2740BBC4BB13B7580F947E7
SHA-512:	300F99C484949EC0C6064457D57D3E9CCD9C7F6DB218A8FF556C95B358ADB07DFEEFB075728C8E8674AC7DB3F7B433A708E3F3B9B46D1CC03A393BFA8E9752C2
Malicious:	false
Preview:	..XSMP...!unix/galassia:/tmp/.ICE-unix/6185..MIT-MAGIC-COOKIE-1....O.\|@DV...w..E..XSMP...#local/galassia:@/tmp/.ICE-unix/6185..MIT-MAGIC-COOKIE-1..?..}.A.......ICE...!unix/galassia:/tmp/.ICE-unix/6132..MIT-MAGIC-COOKIE-1..N....)}..........ICE...#local/galassia:@/tmp/.ICE-unix/6132..MIT-MAGIC-COOKIE-1..`%(....?...8.X...XSMP...!unix/galassia:/tmp/.ICE-unix/1498..MIT-MAGIC-COOKIE-1....d....2A..A p....XSMP...#local/galassia:@/tmp/.ICE-unix/1498..MIT-MAGIC-COOKIE-1...td.).-..7...C&..ICE...!unix/galassia:/tmp/.ICE-unix/1444..MIT-MAGIC-COOKIE-1.. ..a.<...k#8..U..ICE...#local/galassia:@/tmp/.ICE-unix/1444..MIT-MAGIC-COOKIE-1.....e....N`.R.H/..XSMP...#local/galassia:@/tmp/.ICE-unix/1444..MIT-MAGIC-COOKIE-1..0].".y..-=.#s....XSMP...!unix/galassia:/tmp/.ICE-unix/1444..MIT-MAGIC-COOKIE-1.._.,.m'.z.W..,.....ICE...#local/galassia:@/tmp/.ICE-unix/1498..MIT-MAGIC-COOKIE-1....s..<.....z...ICE...!unix/galassia:/tmp/.ICE-unix/1498..MIT-MAGIC-COOKIE-1.........@>.....9..XSMP...#local/galass

/run/user/127/dconf/user

Download File

Process:	/usr/libexec/gsd-power
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	93B885ADFE0DA089CDF634904FD59F71
SHA1:	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:	B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:	false
Preview:	.

/run/user/127/gdm/Xauthority

Download File

Process:	/usr/lib/gdm3/gdm-x-session
File Type:	X11 Xauthority data
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.983294787198871
Encrypted:	false
SSDEEP:	3:rg/WFllasO93SQ5UCgWFllasO93SQ5a:rg/WFl275sWFl275a
MD5:	E90544B5422FCFEEA5EDB2484724ADE7
SHA1:	C8DF477C923FC41CBF20128E03332BFBC402AB4E
SHA-256:	E9E528777DE9A051157BCC55ADA7B4D82A7FE1E858D2DD09F94E9A5CAFF2ED9F
SHA-512:	E7C53BEBD4E8830F92AB60E9C5A6237D7DE8108E4EA3CC5978F41358EFC42484CC5C4CF9BB22425D9F37E4F4D56B92594AA9B7F39CD6D5039A3F77F7B05E15FB
Malicious:	false
Preview:	....galassia....MIT-MAGIC-COOKIE-1..Q...PVD'tu..&......galassia....MIT-MAGIC-COOKIE-1..Q...PVD'tu..&..

/run/user/127/pulse/pid

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:v:v
MD5:	5B81CA14B90E7B3A37E5DBEAE5B8B5A0
SHA1:	524915704C8B40CB7ABA60A920A93C2127BA4D6B
SHA-256:	686E35170B5E9811CD1DD848DF1FE3714FE30378D55654BEEA9FFBEED49EBCC3
SHA-512:	0C4BA033BD4185D4240972F6A7714116FB2C44E24B23F64CB0D0A31F42595454630D1BD06CB55B88732B8128305521732C408C094A3CDC68EC9161C39E742B3E
Malicious:	false
Preview:	6451.

/run/utmp

Download File

Process:	/sbin/agetty
File Type:	data
Category:	dropped
Size (bytes):	384
Entropy (8bit):	0.6667178117422345
Encrypted:	false
SSDEEP:	3:Nc1sXlXEWtl/rwanrX:Nv+ylj3nr
MD5:	D23DFE2D3D92A4947C0EF7E60F6819ED
SHA1:	6C99D81DF3B12E22F1F36051D1E3BC55A989B26A
SHA-256:	A4A454A577B7E92A81130BF0E2AE001F1912BD7EF65FC162ACDAA7DD59545E4E
SHA-512:	20027DF37F8752BA352EE2A7D048D2947B0504256A5DE779BD6AF8B69F31F41FEA1474848A2ACD7BAC4454ADD9B951540818CD9CC818825FC17EE6C3D80A7CEF
Malicious:	false
Preview:	....5...tty2.tty2.......................tty2LOGIN...............................................................................................................................................................................................................................................................................................5....t\|gn.......................................

/tmp/qemu-open.n4tOc4 (deleted)

Download File

Process:	/tmp/wrjkngh4.elf
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	4.137537511266052
Encrypted:	false
SSDEEP:	3:TgksX5oHJN:TgkSaJN
MD5:	500BB981854AB7530C25A26861A73B8B
SHA1:	4F653C8FC4AEC0264017DBCD5AC7E43CE9AF025B
SHA-256:	017E9ED277BB3CC9E1DCEAFF39150957AE64102C15AB6CD8926E92F818E9EEE3
SHA-512:	4C0F5BBD326252A5B45BABD6797837E9E838A3F81D451963FFE54D63B484E1E610474F85DA66F49E9681F8074CCB4A0AD2034572C01766F303E68DBDE45230C1
Malicious:	false
Preview:	/tmp/wrjkngh4.elf.nwlrbbmqbh

/tmp/server-0.xkm

Download File

Process:	/usr/bin/xkbcomp
File Type:	Compiled XKB Keymap: lsb, version 15
Category:	dropped
Size (bytes):	12060
Entropy (8bit):	4.8492493153178975
Encrypted:	false
SSDEEP:	192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
MD5:	B4E3EB0B8B6B0FC1F46740C573E18D86
SHA1:	7D35426357695EBA77850757E8939A62DCEFF2D1
SHA-256:	7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
SHA-512:	8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
Malicious:	false
Preview:	.mkx..............D.......................h.......<.....P.@%.......&......D.......NumLock.....Alt.....LevelThree..LAlt....RAlt....RControl....LControl....ScrollLock..LevelFive...AltGr...Meta....Super...Hyper...........evdev+aliases(qwerty)...!.....ESC.AE01AE02AE03AE04AE05AE06AE07AE08AE09AE10AE11AE12BKSPTAB.AD01AD02AD03AD04AD05AD06AD07AD08AD09AD10AD11AD12RTRNLCTLAC01AC02AC03AC04AC05AC06AC07AC08AC09AC10AC11TLDELFSHBKSLAB01AB02AB03AB04AB05AB06AB07AB08AB09AB10RTSHKPMULALTSPCECAPSFK01FK02FK03FK04FK05FK06FK07FK08FK09FK10NMLKSCLKKP7.KP8.KP9.KPSUKP4.KP5.KP6.KPADKP1.KP2.KP3.KP0.KPDLLVL3....LSGTFK11FK12AB11KATAHIRAHENKHKTGMUHEJPCMKPENRCTLKPDVPRSCRALTLNFDHOMEUP..PGUPLEFTRGHTEND.DOWNPGDNINS.DELEI120MUTEVOL-VOL+POWRKPEQI126PAUSI128I129HNGLHJCVAE13LWINRWINCOMPSTOPAGAIPROPUNDOFRNTCOPYOPENPASTFINDCUT.HELPI147I148I149I150I151I152I153I154I155I156I157I158I159I160I161I162I163I164I165I166I167I168I169I170I171I172I173I174I175I176I177I178I179I180I181I182I183I184I185I186I187I188I189I190FK13FK14FK15FK16FK17FK18

/var/lib/AccountsService/users/gdm.E610Z2

Download File

Process:	/usr/lib/accountsservice/accounts-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.66214589518167
Encrypted:	false
SSDEEP:	3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
MD5:	542BA3FB41206AE43928AF1C5E61FEBC
SHA1:	F56F574DAF50D609526B36B5B54FDD59EA4D6A26
SHA-256:	730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
SHA-512:	D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
Malicious:	false
Preview:	[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

/var/lib/AccountsService/users/gdm.ZSQTZ2

Download File

Process:	/usr/lib/accountsservice/accounts-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.66214589518167
Encrypted:	false
SSDEEP:	3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
MD5:	542BA3FB41206AE43928AF1C5E61FEBC
SHA1:	F56F574DAF50D609526B36B5B54FDD59EA4D6A26
SHA-256:	730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
SHA-512:	D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
Malicious:	false
Preview:	[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0

Download File

Process:	/usr/bin/ibus-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	381
Entropy (8bit):	5.08050678891458
Encrypted:	false
SSDEEP:	6:SbF4b2sONeZVkSoQ65EfqFFAU+qmnQT23msRvkTFacecf8h/zKLGWWQJCPuHeSag:q5sU3LWfLUDmQymqSFbfomSfPu+SafI
MD5:	1A72402779F2829858F0CDD9EEF85F56
SHA1:	3C0384243003EED43396CBB205CD2E09D0698BC2
SHA-256:	C73B0E5CAF653AC0029ABFD38D6F5CAB006A1ACBD014D311ED8D0A99DC352535
SHA-512:	5836379C98AE3FD369CF49C91BDE94CA865E3163B676DE5342A49E91C6CA1C28E95D1EAD85B8E81D2128CC9F6C6EA9B788640113052EC69114184BC8F9557582
Malicious:	false
Preview:	# This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-gfAqasuG,guid=26e615ae0e0efbbf5afb7dc7677c744a.IBUS_DAEMON_PID=6357.

/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

Download File

Process:	/usr/bin/pulseaudio
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

Download File

Process:	/usr/bin/pulseaudio
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

/var/lib/ubuntu-drivers-common/last_gfx_boot

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	2.7550849518197795
Encrypted:	false
SSDEEP:	3:JoT/V9fDVbn:M/V3n
MD5:	078760523943E160756979906B85FB5E
SHA1:	0962643266F4C5537F7D125046F28F21D6DD0C89
SHA-256:	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
SHA-512:	DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
Malicious:	false
Preview:	15ad:0405;0000:00:0f:0;1.

/var/log/Xorg.0.log

Download File

Process:	/usr/lib/xorg/Xorg
File Type:	JSON data
Category:	dropped
Size (bytes):	41347
Entropy (8bit):	5.27651984065863
Encrypted:	false
SSDEEP:	384:kcw5vyPmx8qoMadjd2dpVdIdpdldId7dwdadYdEdIdQdqdZgdnd6dvd6d7JdB/dg:n4vJZPTspURTMBEKbIZjPLQhbp
MD5:	CB7A95DB344A48C12F6E88C9D027456A
SHA1:	C7744FD1850A5C2873AC1BDF0486147B70722C79
SHA-256:	4C86CAA298547650A1C64BCCE8CEBC398FA04518E46CA57EF309D53E85D76BCC
SHA-512:	5FF92A7DCE46BBE0DFB35797A23C717536CBCD1FB8944643B084E14501D5B8B648A47D95E63F3BF8B79AF65196843E0E1CE3A8EE2FAAB14BF7444C294142C94E
Malicious:	false
Preview:	[ 207.009] (--) Log file renamed from "/var/log/Xorg.pid-6169.log" to "/var/log/Xorg.0.log".[ 207.034] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 207.047] Build Operating System: linux Ubuntu.[ 207.055] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 207.061] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 207.078] Build Date: 06 July 2021 10:17:51AM.[ 207.084] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 207.090] Current version of pixman: 0.38.4.[ 207.099] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 207.114] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

/var/log/auth.log

Download File

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	2210
Entropy (8bit):	4.996009789043484
Encrypted:	false
SSDEEP:	24:AZ4IdZedzZXzP2AvNA2+VajfAFd+fU2IdcXju1NurrboQ5rCQ2rCQU:zvSfVafG+ftnzrrboorCjrCn
MD5:	ED65D23AD70A55D582CA6FA40A098961
SHA1:	890DB01940AB7CDD8BFB8DDE839087947592A429
SHA-256:	81ADFB16F74C68C669559D892C259450F7676B2A3DF215CE8485FE9462496C89
SHA-512:	158CBAFA554FD6851D9C51867664760E2AE2979C8F8A535C2C3A114421B4285ACBDE70E7F118632FA9EA408B026DAA48B1EBBA804B724666D339E7CFAB4130F0
Malicious:	false
Preview:	Jan 6 18:23:54 galassia systemd-logind[6027]: Failed to add user by file name 127, ignoring: Invalid argument.Jan 6 18:23:54 galassia systemd-logind[6027]: Failed to add user by file name 1000, ignoring: Invalid argument.Jan 6 18:23:54 galassia systemd-logind[6027]: User enumeration failed: Invalid argument.Jan 6 18:23:54 galassia systemd-logind[6027]: User of session c2 not known..Jan 6 18:23:54 galassia systemd-logind[6027]: User of session 2 not known..Jan 6 18:23:54 galassia systemd-logind[6027]: Session enumeration failed: No such file or directory.Jan 6 18:23:54 galassia systemd-logind[6027]: Watching system buttons on /dev/input/event0 (Power Button).Jan 6 18:23:54 galassia systemd-logind[6027]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard).Jan 6 18:23:54 galassia systemd-logind[6027]: New seat seat0..Jan 6 18:24:06 galassia gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0).Jan 6 18:

/var/log/gpu-manager.log

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	4.8296848499188485
Encrypted:	false
SSDEEP:	24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
MD5:	3AF77E630DA00B3BE24F4E8AA5D78B13
SHA1:	BCF2D99E002F6DE2413A183227B011CFBEF5673D
SHA-256:	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
SHA-512:	8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
Malicious:	false
Preview:	log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

Download File

Process:	/lib/systemd/systemd-journald
File Type:	data
Category:	dropped
Size (bytes):	240
Entropy (8bit):	1.459526019450492
Encrypted:	false
SSDEEP:	3:F31HleyMh4yMhh:F3PM
MD5:	E5855F33BAD9ECF6DABBD33176B8E6A0
SHA1:	A904A4F9DB95EFB80A44D2FC852A0F15008E1B03
SHA-256:	443F06CDB67A51A892F1811B3A9596ECC86B7556B569240E0FF65558FD9337F8
SHA-512:	B7671C501957322367C2D30F1FAAF52B2DCC5412280F0098B992D85764B88D1D026A0448F01E48EEF65DB1D0C709E18B31F9DA7FA4E0C7B9752A6D13089C5579
Malicious:	false
Preview:	LPKSHHRH......................J....+.......................................J....+.........................................................................................................................................................

/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

Download File

Process:	/lib/systemd/systemd-journald
File Type:	data
Category:	dropped
Size (bytes):	240
Entropy (8bit):	1.4428593527838256
Encrypted:	false
SSDEEP:	3:F31HlPR/cTgtR/cTgb/:F3Zr7r
MD5:	9953EA1B9B38906AAD46940C2AA0ED92
SHA1:	22FA5791046C6EF748C711E1861FBD67521F8A1B
SHA-256:	D0D35DED34CE962057E00919A78AF1DE2CF39D6BCB7C9322D15056ACF767A5DC
SHA-512:	D5F1158C120E75C7A9D11D33EF8B82C8B639FC0B3F49187A89DB72D71E43A3D55F802397A6D64155D75B5BC7EFE7FE83E212DB387A84DF388BFB1494C68DB355
Malicious:	false
Preview:	LPKSHHRH................%o...D..o.,6.................................%o...D..o.,6.........................................................................................................................................................

/var/log/kern.log

Download File

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	41855
Entropy (8bit):	4.686624783657465
Encrypted:	false
SSDEEP:	384:DwB9qFVGV8DkfJWdcGp5wdr70hrYQqnUpVI:NdEdr70hrYZUpm
MD5:	27E4D3DB6A61020C2C7C163BBD8B4451
SHA1:	015E8540947C2035164071B48A0C7804DA93B511
SHA-256:	BA232DCBD86D48D592D75A580B63DC457225F2AA03ABF7966D688E56926CDD5E
SHA-512:	8F6A2E6300E508AF108EA8483293EB038A616139DE7849BAC1800AA9C7589FE833C10E0E652D69B0B5A5A172D4EB5EB438621EEC76157346E6D5A5BEA09E6999
Malicious:	false
Preview:	Jan 6 18:23:50 galassia kernel: [ 181.634298] blocking signal 19: 5822 -> 3220.Jan 6 18:23:50 galassia kernel: [ 181.859251] blocking signal 9: 5822 -> 658.Jan 6 18:23:50 galassia kernel: [ 181.874149] blocking signal 9: 5822 -> 723.Jan 6 18:23:50 galassia kernel: [ 181.876568] New task spawned: old: (tgid 5943, tid 5943), new (tgid: 6023, tid: 6023).Jan 6 18:23:50 galassia kernel: [ 181.889956] blocking signal 9: 5822 -> 764.Jan 6 18:23:50 galassia kernel: [ 181.903779] blocking signal 9: 5822 -> 766.Jan 6 18:23:50 galassia kernel: [ 181.915353] New task spawned: old: (tgid 6023, tid 6023), new (tgid: 6024, tid: 6024).Jan 6 18:23:50 galassia kernel: [ 181.917260] blocking signal 9: 5822 -> 777.Jan 6 18:23:50 galassia kernel: [ 181.932052] blocking signal 9: 5822 -> 933.Jan 6 18:23:50 galassia kernel: [ 181.946655] blocking signal 9: 5822 -> 1431.Jan 6 18:23:50 galassia kernel: [ 181.961195] blocking signal 9: 5822 -> 1432.Jan 6 18:23:50 galassia kernel: [ 181.9

/var/log/syslog

Download File

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	156440
Entropy (8bit):	5.184614175143752
Encrypted:	false
SSDEEP:	768:tiWpVbHkYWMfb1sJMbub3P3r3FdyW4fHLMoideYm87qBlPY/iq2KLDFu31Rfcw2W:8heA7XR/LAkwszdr70hrZhpRZ
MD5:	D3C79CC7B39B1CBB1DA81C8929ED3B19
SHA1:	E47AE200D8845766FAD0B262E81003598FA6E573
SHA-256:	9DAF1E48B390AD93484790BA6F2AF3F3293A7528DB106D37626604A09FA3A6F5
SHA-512:	FC3B37197A68E777BD8FAD1FB87EC45556D8C763320B378703561567A71121E598BEC377CB20B9A7E74FC906B04230FA8BC0B70EDD3B3AB7176B3AB7BE758258
Malicious:	false
Preview:	Jan 6 18:23:50 galassia kernel: [ 181.634298] blocking signal 19: 5822 -> 3220.Jan 6 18:23:50 galassia kernel: [ 181.842370] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1..Jan 6 18:23:50 galassia kernel: [ 181.842820] systemd[1]: Stopping Flush Journal to Persistent Storage....Jan 6 18:23:50 galassia kernel: [ 181.859251] blocking signal 9: 5822 -> 658.Jan 6 18:23:50 galassia kernel: [ 181.874149] blocking signal 9: 5822 -> 723.Jan 6 18:23:50 galassia kernel: [ 181.876568] New task spawned: old: (tgid 5943, tid 5943), new (tgid: 6023, tid: 6023).Jan 6 18:23:50 galassia kernel: [ 181.889956] blocking signal 9: 5822 -> 764.Jan 6 18:23:50 galassia kernel: [ 181.903779] blocking signal 9: 5822 -> 766.Jan 6 18:23:50 galassia kernel: [ 181.915353] New task spawned: old: (tgid 6023, tid 6023), new (tgid: 6024, tid: 6024).Jan 6 18:23:50 galassia kernel: [ 181.917260] blocking signal 9: 5822 -> 777.Jan 6 18:23:50 galassia kernel: [ 18

/var/log/wtmp

Download File

Process:	/sbin/agetty
File Type:	data
Category:	dropped
Size (bytes):	384
Entropy (8bit):	0.6667178117422345
Encrypted:	false
SSDEEP:	3:Nc1sXlXEWtl/rwanrX:Nv+ylj3nr
MD5:	D23DFE2D3D92A4947C0EF7E60F6819ED
SHA1:	6C99D81DF3B12E22F1F36051D1E3BC55A989B26A
SHA-256:	A4A454A577B7E92A81130BF0E2AE001F1912BD7EF65FC162ACDAA7DD59545E4E
SHA-512:	20027DF37F8752BA352EE2A7D048D2947B0504256A5DE779BD6AF8B69F31F41FEA1474848A2ACD7BAC4454ADD9B951540818CD9CC818825FC17EE6C3D80A7CEF
Malicious:	true
Preview:	....5...tty2.tty2.......................tty2LOGIN...............................................................................................................................................................................................................................................................................................5....t\|gn.......................................

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.261521711285425
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	wrjkngh4.elf
File size:	129'828 bytes
MD5:	ba0dff6489cdd0b797968fe5e7d4dba1
SHA1:	84e6f3cbf9c7be24def18289c8600fc52f83a52e
SHA256:	b6d784ecc666b8316490eaffc564e994685f2b52f3516734ca8fe665c82c0c35
SHA512:	ef2c8d3cfeb2d0bead7cc09c1ade6b642b916b73830af9fedd68553e81aa82917b74dc995f02df18feaac6c9a344e4e91fbc4c0bc58e5baca769007534798237
SSDEEP:	1536:ZaR9eGSwWGZYB/zcCsKDdRiJFlyLdNcavWGClskkbeUXCVSiu:ZO9eGfWGZYB/4KDclyLPDvWDlsxbXF
TLSH:	80C36B73CC696F98D628D1B4B0748F791B93D91681874FBE1967C2788083E8DF6463B8
File Content Preview:	.ELF.....................@.4...l.......4. ...(...............@...@...........................B...B.(I..............Q.td............................././"O.n........#.@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	129388
Section Header Size:	40
Number of Section Headers:	11
Header String Table Index:	10

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x181c0	0x0	0x6	AX	32
.fini	PROGBITS	0x4182a0	0x182a0	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x4182c4	0x182c4	0x2af8	0x0	0x2	A	4
.ctors	PROGBITS	0x42b000	0x1b000	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x42b00c	0x1b00c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x42b020	0x1b020	0x48f4	0x0	0x3	WA	32
.got	PROGBITS	0x42f914	0x1f914	0x14	0x4	0x3	WA	4
.bss	NOBITS	0x42f928	0x1f928	0x4580	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x1f928	0x43	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1adbc	0x1adbc	6.8929	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x1b000	0x42b000	0x42b000	0x4928	0x8ea8	0.4284	0x6	RW	0x10000	.ctors .dtors .data .got .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 01:23:42.676836014 CET	39064	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:42.681688070 CET	33966	39064	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:42.681730032 CET	39064	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:42.684066057 CET	39064	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:42.688880920 CET	33966	39064	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:42.688934088 CET	39064	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:42.693743944 CET	33966	39064	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:43.168872118 CET	37436	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.173949957 CET	7733	37436	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.174010038 CET	37436	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.175662994 CET	37436	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.180430889 CET	7733	37436	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.314349890 CET	33966	39064	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:43.314410925 CET	39064	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:43.314570904 CET	39064	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:43.408730030 CET	39068	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:43.413487911 CET	33966	39068	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:43.413557053 CET	39068	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:43.415628910 CET	39068	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:43.420412064 CET	33966	39068	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:43.420454979 CET	39068	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:43.425296068 CET	33966	39068	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:43.505125046 CET	37440	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.509941101 CET	7733	37440	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.510003090 CET	37440	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.511217117 CET	37440	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.516020060 CET	7733	37440	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.869931936 CET	37442	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.874752045 CET	7733	37442	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.874813080 CET	37442	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.876096010 CET	37442	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.877985954 CET	37444	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.880871058 CET	7733	37442	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.882797003 CET	7733	37444	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.882855892 CET	37444	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.884213924 CET	37444	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.887511969 CET	37446	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.889029980 CET	7733	37444	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.892365932 CET	7733	37446	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.892426968 CET	37446	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.893661022 CET	37446	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.895663977 CET	37448	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.898463011 CET	7733	37446	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.900511026 CET	7733	37448	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.900561094 CET	37448	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.901792049 CET	37448	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.904697895 CET	37450	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.906569958 CET	7733	37448	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.909542084 CET	7733	37450	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.909605980 CET	37450	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.910736084 CET	37450	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.915546894 CET	7733	37450	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.966948032 CET	37452	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:43.972435951 CET	7733	37452	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:43.978184938 CET	37452	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.022181034 CET	37452	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.026992083 CET	7733	37452	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.066760063 CET	33966	39068	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.066884041 CET	39068	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.066884041 CET	39068	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.092792034 CET	37454	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.097603083 CET	7733	37454	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.098244905 CET	37454	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.124660969 CET	37454	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.129522085 CET	7733	37454	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.160056114 CET	37456	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.164851904 CET	7733	37456	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.165230989 CET	37456	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.167085886 CET	37456	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.171873093 CET	7733	37456	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.176400900 CET	37458	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.181236982 CET	7733	37458	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.181282997 CET	37458	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.183418989 CET	37458	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.186404943 CET	37460	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.188204050 CET	7733	37458	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.191245079 CET	7733	37460	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.191339970 CET	37460	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.193099022 CET	37460	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.197514057 CET	37462	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.197935104 CET	7733	37460	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.202318907 CET	7733	37462	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.202372074 CET	37462	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.204142094 CET	37462	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.208056927 CET	37464	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.208966970 CET	7733	37462	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.213136911 CET	7733	37464	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.213182926 CET	37464	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.215645075 CET	37464	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.218678951 CET	37466	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.220380068 CET	7733	37464	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.222589970 CET	39098	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.223519087 CET	7733	37466	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.223556042 CET	37466	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.225281954 CET	37466	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.227430105 CET	33966	39098	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.227485895 CET	39098	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.230093002 CET	7733	37466	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.269836903 CET	37472	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.270456076 CET	39098	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.274648905 CET	7733	37472	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.274712086 CET	37472	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.275305986 CET	33966	39098	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.275350094 CET	39098	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.280153036 CET	33966	39098	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.283724070 CET	37472	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.288512945 CET	7733	37472	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.294020891 CET	37474	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.298856020 CET	7733	37474	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.298933983 CET	37474	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.305058956 CET	37474	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.309869051 CET	7733	37474	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.314959049 CET	37476	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.319780111 CET	7733	37476	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.319837093 CET	37476	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.326091051 CET	37476	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.331370115 CET	7733	37476	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.341681004 CET	37478	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.346537113 CET	7733	37478	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.346607924 CET	37478	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.353044987 CET	37478	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.357886076 CET	7733	37478	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.364101887 CET	37480	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.368912935 CET	7733	37480	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.368962049 CET	37480	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.375128031 CET	37480	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.379955053 CET	7733	37480	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.395407915 CET	37482	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.400299072 CET	7733	37482	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.400357008 CET	37482	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.406039953 CET	37482	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.410850048 CET	7733	37482	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.419552088 CET	37484	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.424452066 CET	7733	37484	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.424496889 CET	37484	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.428776026 CET	37484	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.435564995 CET	37486	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.644098997 CET	37484	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.652561903 CET	7733	37484	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.652575970 CET	7733	37486	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.652585030 CET	7733	37484	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.652621984 CET	37486	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.655170918 CET	37486	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.660034895 CET	7733	37486	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.660455942 CET	37488	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.665290117 CET	7733	37488	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.665350914 CET	37488	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.667748928 CET	37488	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:44.672561884 CET	7733	37488	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:44.850914955 CET	33966	39098	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.850967884 CET	39098	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.850990057 CET	39098	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.954252005 CET	39120	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.959037066 CET	33966	39120	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.959119081 CET	39120	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.962543011 CET	39120	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.967318058 CET	33966	39120	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:44.967382908 CET	39120	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:44.972228050 CET	33966	39120	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:45.603296995 CET	33966	39120	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:45.603403091 CET	39120	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:45.603403091 CET	39120	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:45.767255068 CET	39122	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:45.772056103 CET	33966	39122	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:45.772108078 CET	39122	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:45.774775982 CET	39122	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:45.779618025 CET	33966	39122	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:45.779747009 CET	39122	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:45.784595013 CET	33966	39122	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:46.395968914 CET	33966	39122	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:46.396035910 CET	39122	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:46.396081924 CET	39122	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:46.492563009 CET	39124	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:46.497395039 CET	33966	39124	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:46.497493982 CET	39124	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:46.499938011 CET	39124	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:46.504681110 CET	33966	39124	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:46.504757881 CET	39124	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:46.509562969 CET	33966	39124	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:46.652848005 CET	37496	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.657699108 CET	7733	37496	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.657752037 CET	37496	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.663727045 CET	37496	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.668517113 CET	7733	37496	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.725131989 CET	37498	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.729981899 CET	7733	37498	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.730134010 CET	37498	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.735440969 CET	37498	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.740231037 CET	7733	37498	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.767481089 CET	37500	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.772331953 CET	7733	37500	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.772397041 CET	37500	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.776185989 CET	37500	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.780946970 CET	7733	37500	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.795651913 CET	37502	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.800506115 CET	7733	37502	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.800590992 CET	37502	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.803781986 CET	37502	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.808573008 CET	7733	37502	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.835066080 CET	37504	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.839898109 CET	7733	37504	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.839957952 CET	37504	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.841378927 CET	37504	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.843661070 CET	37506	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.846210957 CET	7733	37504	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.848495007 CET	7733	37506	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.848551989 CET	37506	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.849845886 CET	37506	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.851854086 CET	37508	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.854648113 CET	7733	37506	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.856699944 CET	7733	37508	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.860196114 CET	37508	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.862087011 CET	37508	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.864160061 CET	37510	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.866859913 CET	7733	37508	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.868972063 CET	7733	37510	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.869035959 CET	37510	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.870342016 CET	37510	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.872977972 CET	37512	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.875144958 CET	7733	37510	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.877845049 CET	7733	37512	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.877897978 CET	37512	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.879163027 CET	37512	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.883371115 CET	37514	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.883970976 CET	7733	37512	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.888145924 CET	7733	37514	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.888191938 CET	37514	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.889411926 CET	37514	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.891686916 CET	37516	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.894188881 CET	7733	37514	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.896473885 CET	7733	37516	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.896526098 CET	37516	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.897823095 CET	37516	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.899859905 CET	37518	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.902625084 CET	7733	37516	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.904692888 CET	7733	37518	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.904751062 CET	37518	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.905977964 CET	37518	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.908204079 CET	37520	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.910737991 CET	7733	37518	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.913029909 CET	7733	37520	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.913158894 CET	37520	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.914402008 CET	37520	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.916960001 CET	37522	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.919214010 CET	7733	37520	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.921804905 CET	7733	37522	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.921870947 CET	37522	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.923338890 CET	37522	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.925607920 CET	37524	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.928073883 CET	7733	37522	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.930385113 CET	7733	37524	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.930463076 CET	37524	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.932436943 CET	37524	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.935605049 CET	37526	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.937225103 CET	7733	37524	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.940488100 CET	7733	37526	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.940535069 CET	37526	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.942194939 CET	37526	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.944325924 CET	37528	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.946971893 CET	7733	37526	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.949090004 CET	7733	37528	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.949136019 CET	37528	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.950440884 CET	37528	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.953236103 CET	37530	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.955159903 CET	7733	37528	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.957978010 CET	7733	37530	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.958034039 CET	37530	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.959245920 CET	37530	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.961529970 CET	37532	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.964061022 CET	7733	37530	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.966274977 CET	7733	37532	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.966335058 CET	37532	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.968158007 CET	37532	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.971541882 CET	37534	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.972974062 CET	7733	37532	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.976372004 CET	7733	37534	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.976417065 CET	37534	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.977773905 CET	37534	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.979948997 CET	37536	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.982589006 CET	7733	37534	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.984791994 CET	7733	37536	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.984870911 CET	37536	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.986211061 CET	37536	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.988693953 CET	37538	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.990988016 CET	7733	37536	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.993434906 CET	7733	37538	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:46.993505955 CET	37538	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.994807005 CET	37538	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.998022079 CET	37540	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:46.999562979 CET	7733	37538	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.002774000 CET	7733	37540	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.002826929 CET	37540	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.004215002 CET	37540	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.006372929 CET	37542	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.009013891 CET	7733	37540	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.011193037 CET	7733	37542	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.011236906 CET	37542	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.013226986 CET	37542	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.016207933 CET	37544	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.018038988 CET	7733	37542	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.020998001 CET	7733	37544	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.021044016 CET	37544	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.022269964 CET	37544	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.025074005 CET	37546	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.027076006 CET	7733	37544	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.030220032 CET	7733	37546	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.030280113 CET	37546	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.031527996 CET	37546	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.033564091 CET	37548	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.036349058 CET	7733	37546	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.038395882 CET	7733	37548	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.038438082 CET	37548	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.040257931 CET	37548	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.043600082 CET	37550	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.045041084 CET	7733	37548	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.048444986 CET	7733	37550	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.048546076 CET	37550	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.049992085 CET	37550	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.052099943 CET	37552	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.054771900 CET	7733	37550	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.056955099 CET	7733	37552	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.056999922 CET	37552	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.058350086 CET	37552	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.061187029 CET	37554	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.063159943 CET	7733	37552	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.066024065 CET	7733	37554	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.066090107 CET	37554	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.067553043 CET	37554	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.069668055 CET	37556	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.072370052 CET	7733	37554	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.074557066 CET	7733	37556	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.074614048 CET	37556	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.076531887 CET	37556	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.079684973 CET	37558	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.081295967 CET	7733	37556	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.084572077 CET	7733	37558	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.084621906 CET	37558	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.085897923 CET	37558	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.090655088 CET	7733	37558	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.104414940 CET	37560	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.109236002 CET	7733	37560	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.109298944 CET	37560	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.110639095 CET	37560	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.115830898 CET	7733	37560	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.117713928 CET	37562	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.123008966 CET	7733	37562	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.123065948 CET	37562	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.125042915 CET	37562	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.128422022 CET	33966	39124	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.128528118 CET	39124	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.128528118 CET	39124	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.129913092 CET	7733	37562	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.139816046 CET	37564	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.144613028 CET	7733	37564	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.144654036 CET	37564	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.146425009 CET	37564	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.149188042 CET	37566	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.151191950 CET	7733	37564	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.153970957 CET	7733	37566	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.154027939 CET	37566	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.155292988 CET	37566	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.157434940 CET	37568	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.160094976 CET	7733	37566	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.162158966 CET	7733	37568	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.162209988 CET	37568	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.164089918 CET	37568	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.168272018 CET	37570	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.168804884 CET	7733	37568	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.173105955 CET	7733	37570	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.173150063 CET	37570	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.174496889 CET	37570	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.177696943 CET	37572	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.179328918 CET	7733	37570	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.182502031 CET	7733	37572	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.182547092 CET	37572	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.185833931 CET	37572	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.189896107 CET	37574	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.190640926 CET	7733	37572	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.194642067 CET	7733	37574	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.194714069 CET	37574	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.196019888 CET	37574	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.198211908 CET	37576	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.200825930 CET	7733	37574	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.203418016 CET	7733	37576	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.203475952 CET	37576	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.205404997 CET	37576	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.206984997 CET	39208	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.209067106 CET	37580	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.211219072 CET	7733	37576	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.212863922 CET	33966	39208	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.212938070 CET	39208	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.213900089 CET	39208	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.214569092 CET	7733	37580	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.214627981 CET	37580	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.216069937 CET	37580	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.218182087 CET	37582	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.219556093 CET	33966	39208	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.219599009 CET	39208	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.220791101 CET	7733	37580	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.222999096 CET	7733	37582	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.223032951 CET	37582	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.224354982 CET	33966	39208	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.225034952 CET	37582	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.227694035 CET	37584	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.229861975 CET	7733	37582	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.232542038 CET	7733	37584	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.232608080 CET	37584	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.234024048 CET	37584	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.236095905 CET	37586	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.238765001 CET	7733	37584	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.240832090 CET	7733	37586	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.240869045 CET	37586	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.242151976 CET	37586	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.245028019 CET	37588	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.246926069 CET	7733	37586	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.249870062 CET	7733	37588	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.249933004 CET	37588	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.251363039 CET	37588	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.253438950 CET	37590	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.256113052 CET	7733	37588	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.258266926 CET	7733	37590	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.258323908 CET	37590	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.260338068 CET	37590	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.263498068 CET	37592	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.265104055 CET	7733	37590	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.268290997 CET	7733	37592	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.268348932 CET	37592	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.269643068 CET	37592	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.271775007 CET	37594	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.274405003 CET	7733	37592	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.276635885 CET	7733	37594	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.276701927 CET	37594	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.278038025 CET	37594	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.280069113 CET	37596	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.282860994 CET	7733	37594	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.284923077 CET	7733	37596	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.284975052 CET	37596	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.286344051 CET	37596	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.288678885 CET	37598	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.291106939 CET	7733	37596	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.293494940 CET	7733	37598	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.293538094 CET	37598	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.294756889 CET	37598	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.297236919 CET	37600	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.299581051 CET	7733	37598	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.302042007 CET	7733	37600	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.302084923 CET	37600	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.303416967 CET	37600	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.305347919 CET	37602	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.308188915 CET	7733	37600	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.310146093 CET	7733	37602	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.310194969 CET	37602	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.312067986 CET	37602	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.315232992 CET	37604	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.316807985 CET	7733	37602	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.320071936 CET	7733	37604	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.320123911 CET	37604	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.321911097 CET	37604	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.323991060 CET	37606	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.326646090 CET	7733	37604	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.328778028 CET	7733	37606	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.328823090 CET	37606	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.330087900 CET	37606	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.332214117 CET	37608	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.334862947 CET	7733	37606	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.337007999 CET	7733	37608	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.337048054 CET	37608	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.338388920 CET	37608	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.340797901 CET	37610	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.343163013 CET	7733	37608	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.345629930 CET	7733	37610	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.345670938 CET	37610	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.347017050 CET	37610	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.350791931 CET	37612	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.351794004 CET	7733	37610	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.355581999 CET	7733	37612	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.355643034 CET	37612	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.356765985 CET	37612	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.358850002 CET	37614	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.361532927 CET	7733	37612	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.363678932 CET	7733	37614	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.363759041 CET	37614	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.365446091 CET	37614	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.367564917 CET	37616	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.370213032 CET	7733	37614	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.372401953 CET	7733	37616	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.372448921 CET	37616	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.373800039 CET	37616	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.375972986 CET	37618	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.378549099 CET	7733	37616	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.380783081 CET	7733	37618	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.380841017 CET	37618	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.382050991 CET	37618	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.384040117 CET	37620	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.386796951 CET	7733	37618	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.388890982 CET	7733	37620	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.388963938 CET	37620	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.390182972 CET	37620	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.392755985 CET	37622	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.394968987 CET	7733	37620	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.397548914 CET	7733	37622	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.397617102 CET	37622	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.398848057 CET	37622	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.403605938 CET	7733	37622	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.405977964 CET	37624	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.410780907 CET	7733	37624	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.410826921 CET	37624	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.412873983 CET	37624	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.417694092 CET	7733	37624	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.429649115 CET	37626	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.434449911 CET	7733	37626	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.434539080 CET	37626	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.436402082 CET	37626	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.441195965 CET	7733	37626	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.544569016 CET	37628	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.549422979 CET	7733	37628	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.549480915 CET	37628	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.550549030 CET	37628	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.555344105 CET	7733	37628	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.567835093 CET	37630	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.572612047 CET	7733	37630	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.573092937 CET	37630	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.575622082 CET	37630	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.580395937 CET	7733	37630	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.603686094 CET	37632	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.608462095 CET	7733	37632	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.608542919 CET	37632	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.612673044 CET	37632	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:47.617456913 CET	7733	37632	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:47.861041069 CET	33966	39208	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.861190081 CET	39208	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.861190081 CET	39208	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.983078957 CET	39264	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.987898111 CET	33966	39264	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.987958908 CET	39264	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.993041992 CET	39264	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:47.997800112 CET	33966	39264	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:47.997848034 CET	39264	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.002612114 CET	33966	39264	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:48.624171019 CET	33966	39264	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:48.624227047 CET	39264	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.624294996 CET	39264	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.725096941 CET	39266	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.729893923 CET	33966	39266	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:48.729990005 CET	39266	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.735008955 CET	39266	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.739835024 CET	33966	39266	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:48.739881992 CET	39266	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:23:48.744695902 CET	33966	39266	178.215.238.112	192.168.2.15
Jan 7, 2025 01:23:49.857219934 CET	37638	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.862049103 CET	7733	37638	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.862123966 CET	37638	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.864479065 CET	37638	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.869328022 CET	7733	37638	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.875231028 CET	37640	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.880112886 CET	7733	37640	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.880173922 CET	37640	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.883469105 CET	37640	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.888282061 CET	7733	37640	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.890111923 CET	37642	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.894972086 CET	7733	37642	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.895028114 CET	37642	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.898509979 CET	37642	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.903325081 CET	7733	37642	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.904910088 CET	37644	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.909784079 CET	7733	37644	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.909842014 CET	37644	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.914184093 CET	37644	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.918955088 CET	7733	37644	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.920249939 CET	37646	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.925056934 CET	7733	37646	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.925097942 CET	37646	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.928550005 CET	37646	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.933280945 CET	7733	37646	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.933898926 CET	37648	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.938729048 CET	7733	37648	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.938787937 CET	37648	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.942011118 CET	37648	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.946830988 CET	7733	37648	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.947954893 CET	37650	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.952826023 CET	7733	37650	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.952941895 CET	37650	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.956629992 CET	37650	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.961455107 CET	7733	37650	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.962941885 CET	37652	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.967814922 CET	7733	37652	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.967856884 CET	37652	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.971297026 CET	37652	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.976093054 CET	7733	37652	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.977631092 CET	37654	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.982455015 CET	7733	37654	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.982497931 CET	37654	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.985690117 CET	37654	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.990499973 CET	7733	37654	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.992403030 CET	37656	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:49.997174025 CET	7733	37656	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:49.997226954 CET	37656	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.000447035 CET	37656	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.005251884 CET	7733	37656	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.008622885 CET	37658	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.013487101 CET	7733	37658	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.013550043 CET	37658	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.016423941 CET	37658	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.021235943 CET	7733	37658	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.021481991 CET	37660	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.026308060 CET	7733	37660	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.026351929 CET	37660	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.030006886 CET	37660	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.034830093 CET	7733	37660	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.035897017 CET	37662	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.040750027 CET	7733	37662	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.040786028 CET	37662	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.044267893 CET	37662	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.049093008 CET	7733	37662	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.050746918 CET	37664	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.055536985 CET	7733	37664	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.055592060 CET	37664	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.058923960 CET	37664	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.063743114 CET	7733	37664	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.065329075 CET	37666	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.070118904 CET	7733	37666	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.070168018 CET	37666	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.073162079 CET	37666	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.077981949 CET	7733	37666	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.102941036 CET	37668	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.107747078 CET	7733	37668	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.107798100 CET	37668	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.112674952 CET	37668	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.117484093 CET	7733	37668	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.121572018 CET	37670	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.126362085 CET	7733	37670	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.126413107 CET	37670	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.130264044 CET	37670	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.135072947 CET	7733	37670	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.136629105 CET	37672	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.141465902 CET	7733	37672	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.141516924 CET	37672	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.145570993 CET	37672	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.150361061 CET	7733	37672	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.152276039 CET	37674	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.157074928 CET	7733	37674	89.190.156.145	192.168.2.15
Jan 7, 2025 01:23:50.157130957 CET	37674	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.159914970 CET	37674	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:23:50.164648056 CET	7733	37674	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:04.566561937 CET	7733	37436	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:04.567570925 CET	37436	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:04.895622015 CET	7733	37440	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:04.899557114 CET	37440	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.267503023 CET	7733	37446	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.267659903 CET	7733	37448	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.269382954 CET	7733	37444	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.271548986 CET	37444	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.271548986 CET	37446	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.271549940 CET	37448	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.271702051 CET	7733	37442	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.275542021 CET	37442	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.318265915 CET	7733	37450	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.319540024 CET	37450	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.346508026 CET	7733	37452	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.347532988 CET	37452	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.455100060 CET	7733	37454	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.455562115 CET	37454	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.565399885 CET	7733	37456	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.567537069 CET	37456	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.568443060 CET	7733	37460	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.571543932 CET	37460	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.584021091 CET	7733	37462	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.585772991 CET	7733	37458	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.587527990 CET	37458	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.587527990 CET	37462	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.596442938 CET	7733	37464	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.603537083 CET	37464	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.615235090 CET	7733	37466	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.619538069 CET	37466	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.643460989 CET	7733	37472	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.643518925 CET	37472	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.689603090 CET	7733	37474	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.690136909 CET	7733	37478	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.691529036 CET	37474	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.691553116 CET	37478	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.693226099 CET	7733	37476	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.695521116 CET	37476	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.740231991 CET	7733	37480	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.743524075 CET	37480	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:05.768261909 CET	7733	37482	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:05.771517992 CET	37482	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:06.002053976 CET	7733	37484	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:06.003509998 CET	37484	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:06.016968966 CET	7733	37486	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:06.019511938 CET	37486	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:06.037004948 CET	7733	37488	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:06.039520025 CET	37488	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.037163019 CET	7733	37496	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.039470911 CET	37496	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.128686905 CET	7733	37500	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.132627964 CET	7733	37498	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.135468960 CET	37500	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.135476112 CET	37498	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.189506054 CET	7733	37502	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.189572096 CET	7733	37504	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.191462994 CET	37504	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.191497087 CET	37502	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.224607944 CET	7733	37506	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.227459908 CET	37506	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.236427069 CET	7733	37510	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.239456892 CET	37510	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.251959085 CET	7733	37514	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.252039909 CET	7733	37516	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.255469084 CET	37516	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.255475998 CET	37514	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.256225109 CET	7733	37512	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.259455919 CET	37512	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.271459103 CET	7733	37520	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.273408890 CET	7733	37508	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.275460005 CET	37520	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.275465012 CET	37508	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.284085035 CET	7733	37522	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.287024021 CET	7733	37518	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.287453890 CET	37522	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.287455082 CET	37518	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.298321962 CET	7733	37524	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.299458981 CET	37524	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.314470053 CET	7733	37532	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.315458059 CET	37532	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.331957102 CET	7733	37528	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.335449934 CET	37528	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.335722923 CET	7733	37530	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.339474916 CET	37530	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.349536896 CET	7733	37536	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.349608898 CET	7733	37526	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.351454020 CET	37526	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.351469040 CET	37536	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.361495972 CET	7733	37534	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.363451004 CET	37534	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.367042065 CET	7733	37538	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.367451906 CET	37538	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.376936913 CET	7733	37542	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.377012014 CET	7733	37540	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.379456997 CET	37540	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.379456997 CET	37542	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.396486998 CET	7733	37544	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.399449110 CET	37544	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.412431955 CET	7733	37548	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.413079023 CET	7733	37546	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.415441036 CET	37548	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.415458918 CET	37546	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.427717924 CET	7733	37552	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.431452036 CET	37552	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.440308094 CET	7733	37558	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.441421032 CET	7733	37554	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.442708969 CET	7733	37556	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.443413973 CET	7733	37550	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.443450928 CET	37554	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.443454981 CET	37556	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.443454981 CET	37558	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.447489023 CET	37550	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.490230083 CET	7733	37560	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.491450071 CET	37560	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.501893044 CET	7733	37564	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.503446102 CET	37564	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.517149925 CET	7733	37568	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.519450903 CET	37568	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.522330999 CET	7733	37562	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.523467064 CET	37562	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.533176899 CET	7733	37566	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.535449982 CET	37566	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.550606966 CET	7733	37570	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.551449060 CET	37570	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.566183090 CET	7733	37576	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.567445993 CET	37576	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.568516970 CET	7733	37574	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.571443081 CET	37574	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.579530954 CET	7733	37580	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.583444118 CET	37580	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.584342003 CET	7733	37572	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.591444016 CET	37572	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.601310015 CET	7733	37582	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.603446007 CET	37582	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.613365889 CET	7733	37586	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.615449905 CET	37586	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.616180897 CET	7733	37584	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.619442940 CET	37584	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.630773067 CET	7733	37588	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.631448030 CET	37588	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.642613888 CET	7733	37596	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.646367073 CET	7733	37592	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.647440910 CET	37592	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.647449017 CET	37596	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.648185015 CET	7733	37590	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.655453920 CET	37590	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.658901930 CET	7733	37594	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.659457922 CET	37594	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.677763939 CET	7733	37606	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.679444075 CET	37606	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.679641008 CET	7733	37600	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.687464952 CET	37600	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.689495087 CET	7733	37608	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.691437960 CET	37608	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.692646027 CET	7733	37604	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.695276022 CET	7733	37602	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.695445061 CET	37604	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.699471951 CET	37602	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.709006071 CET	7733	37598	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.711446047 CET	37598	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.736429930 CET	7733	37614	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.738137007 CET	7733	37610	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.739373922 CET	7733	37616	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.739444017 CET	37614	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.739447117 CET	37610	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.739447117 CET	37616	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.756176949 CET	7733	37612	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.757564068 CET	7733	37618	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.759443045 CET	37618	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.759452105 CET	37612	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.767661095 CET	7733	37620	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.769399881 CET	7733	37622	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.771442890 CET	37622	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.771442890 CET	37620	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.783242941 CET	7733	37624	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.783441067 CET	37624	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.786349058 CET	7733	37626	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.787439108 CET	37626	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.925909042 CET	7733	37628	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.927437067 CET	37628	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:08.939445972 CET	7733	37630	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:08.943439007 CET	37630	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:09.008033037 CET	7733	37632	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:09.015439034 CET	37632	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.267513037 CET	7733	37644	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.267889023 CET	7733	37640	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.271378994 CET	37644	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.271416903 CET	37640	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.272635937 CET	7733	37638	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.275383949 CET	37638	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.302201986 CET	7733	37642	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.303384066 CET	37642	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.314593077 CET	7733	37646	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.315371990 CET	37646	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.350133896 CET	7733	37648	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.351422071 CET	37648	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.365217924 CET	7733	37654	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.366410017 CET	7733	37652	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.367067099 CET	7733	37650	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.367384911 CET	37652	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.367384911 CET	37654	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.367412090 CET	37650	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.380069971 CET	7733	37656	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.383378029 CET	37656	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.392596960 CET	7733	37660	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.395370960 CET	37660	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.396425009 CET	7733	37658	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.399367094 CET	37658	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.444582939 CET	7733	37666	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.444673061 CET	7733	37662	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.444683075 CET	7733	37664	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.447376966 CET	37662	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.447385073 CET	37664	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.447385073 CET	37666	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.486531973 CET	7733	37672	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.487364054 CET	37672	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.488220930 CET	7733	37670	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.491381884 CET	37670	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.506196976 CET	7733	37668	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.507371902 CET	37668	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:11.517683983 CET	7733	37674	89.190.156.145	192.168.2.15
Jan 7, 2025 01:24:11.519392014 CET	37674	7733	192.168.2.15	89.190.156.145
Jan 7, 2025 01:24:58.782511950 CET	39266	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:24:58.787442923 CET	33966	39266	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:01.190901041 CET	33966	39266	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:01.191044092 CET	39266	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:01.195928097 CET	33966	39266	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:02.505402088 CET	39306	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:02.510211945 CET	33966	39306	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:02.510255098 CET	39306	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:02.534271002 CET	39306	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:02.539053917 CET	33966	39306	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:02.539097071 CET	39306	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:02.543920994 CET	33966	39306	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:03.158396959 CET	33966	39306	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:03.158560991 CET	39306	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:03.158560991 CET	39306	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:03.380821943 CET	39308	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:03.385674000 CET	33966	39308	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:03.385731936 CET	39308	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:03.398071051 CET	39308	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:03.402858973 CET	33966	39308	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:03.402895927 CET	39308	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:03.407722950 CET	33966	39308	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:04.038078070 CET	33966	39308	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:04.038259983 CET	39308	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:04.038259983 CET	39308	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:04.218081951 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:04.223156929 CET	33966	39310	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:04.223241091 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:04.234818935 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:04.239780903 CET	33966	39310	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:04.239890099 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:04.244890928 CET	33966	39310	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:05.410352945 CET	33966	39310	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:05.410379887 CET	33966	39310	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:05.410413980 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.410414934 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.410439968 CET	33966	39310	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:05.410481930 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.410481930 CET	39310	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.647330999 CET	39312	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.652174950 CET	33966	39312	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:05.652224064 CET	39312	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.663563967 CET	39312	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.668381929 CET	33966	39312	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:05.668437958 CET	39312	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:05.673634052 CET	33966	39312	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:06.280723095 CET	33966	39312	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:06.280837059 CET	39312	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:06.280837059 CET	39312	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:06.554162025 CET	39314	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:06.559035063 CET	33966	39314	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:06.559083939 CET	39314	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:06.576281071 CET	39314	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:06.581104994 CET	33966	39314	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:06.581150055 CET	39314	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:06.585985899 CET	33966	39314	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:07.218108892 CET	33966	39314	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:07.218209028 CET	39314	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:07.218209028 CET	39314	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:07.402369022 CET	39316	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:07.407244921 CET	33966	39316	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:07.407289028 CET	39316	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:07.416877985 CET	39316	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:07.421708107 CET	33966	39316	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:07.421849012 CET	39316	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:07.426641941 CET	33966	39316	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:08.035208941 CET	33966	39316	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:08.035283089 CET	39316	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.035320044 CET	39316	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.294091940 CET	39318	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.298974991 CET	33966	39318	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:08.299034119 CET	39318	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.315294027 CET	39318	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.320094109 CET	33966	39318	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:08.320146084 CET	39318	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.324978113 CET	33966	39318	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:08.933336020 CET	33966	39318	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:08.933459044 CET	39318	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:08.933459044 CET	39318	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:09.195955992 CET	39320	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:09.201693058 CET	33966	39320	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:09.201739073 CET	39320	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:09.235064983 CET	39320	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:09.239815950 CET	33966	39320	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:09.239857912 CET	39320	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:09.244683981 CET	33966	39320	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:09.868797064 CET	33966	39320	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:09.868850946 CET	39320	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:09.868892908 CET	39320	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.139440060 CET	39322	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.144294024 CET	33966	39322	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:10.144340992 CET	39322	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.159056902 CET	39322	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.163880110 CET	33966	39322	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:10.164016962 CET	39322	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.168849945 CET	33966	39322	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:10.767555952 CET	33966	39322	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:10.767616987 CET	39322	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.767657995 CET	39322	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.975943089 CET	39324	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.980721951 CET	33966	39324	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:10.981710911 CET	39324	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:10.998445988 CET	39324	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.003567934 CET	33966	39324	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:11.003618002 CET	39324	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.008394003 CET	33966	39324	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:11.633699894 CET	33966	39324	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:11.633806944 CET	39324	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.633867025 CET	39324	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.844345093 CET	39326	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.851917982 CET	33966	39326	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:11.852000952 CET	39326	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.864278078 CET	39326	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.871877909 CET	33966	39326	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:11.871923923 CET	39326	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:11.879514933 CET	33966	39326	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:12.476639986 CET	33966	39326	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:12.476732016 CET	39326	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:12.476811886 CET	39326	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:12.654654980 CET	39328	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:12.659555912 CET	33966	39328	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:12.659610033 CET	39328	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:12.669569016 CET	39328	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:12.675189972 CET	33966	39328	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:12.675235987 CET	39328	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:12.680818081 CET	33966	39328	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:13.302680016 CET	33966	39328	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:13.302736998 CET	39328	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:13.302797079 CET	39328	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:13.483695030 CET	39330	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:13.488517046 CET	33966	39330	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:13.488564968 CET	39330	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:13.496169090 CET	39330	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:13.500931025 CET	33966	39330	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:13.500977039 CET	39330	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:13.505768061 CET	33966	39330	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:14.112543106 CET	33966	39330	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:14.112603903 CET	39330	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:14.112637997 CET	39330	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:14.375092983 CET	39332	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:14.379920006 CET	33966	39332	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:14.379971027 CET	39332	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:14.397473097 CET	39332	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:14.402292013 CET	33966	39332	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:14.402339935 CET	39332	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:14.407183886 CET	33966	39332	178.215.238.112	192.168.2.15
Jan 7, 2025 01:25:24.405478954 CET	39332	33966	192.168.2.15	178.215.238.112
Jan 7, 2025 01:25:24.410422087 CET	33966	39332	178.215.238.112	192.168.2.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 01:23:42.563776970 CET	48142	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:42.569969893 CET	53	48142	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:42.614963055 CET	51371	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:42.621248007 CET	53	51371	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:42.625274897 CET	33910	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:42.631217003 CET	53	33910	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:42.642179966 CET	37144	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:42.648583889 CET	53	37144	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:42.658710957 CET	50447	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:42.665117025 CET	53	50447	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:42.668656111 CET	56356	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:42.675301075 CET	53	56356	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.316483021 CET	56080	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.324285984 CET	53	56080	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.326410055 CET	51413	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.334206104 CET	53	51413	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.336219072 CET	34351	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.344487906 CET	53	34351	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.346520901 CET	47490	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.354233027 CET	53	47490	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.356652021 CET	58635	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.364861965 CET	53	58635	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.366941929 CET	44376	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.373181105 CET	53	44376	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.375457048 CET	42340	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.381953955 CET	53	42340	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.384386063 CET	55648	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.391043901 CET	53	55648	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.393170118 CET	59335	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.399209023 CET	53	59335	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:43.401175022 CET	35663	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:43.407866001 CET	53	35663	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.090620995 CET	44016	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.097548008 CET	53	44016	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.120476961 CET	47694	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.127074003 CET	53	47694	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.153645992 CET	48564	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.159857988 CET	53	48564	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.161595106 CET	44827	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.167932987 CET	53	44827	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.174294949 CET	53646	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.180385113 CET	53	53646	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.182491064 CET	36340	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.188764095 CET	53	36340	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.190237999 CET	56103	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.196486950 CET	53	56103	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.198378086 CET	34992	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.204739094 CET	53	34992	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.207138062 CET	43055	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.213648081 CET	53	43055	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.215845108 CET	40500	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.222055912 CET	53	40500	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.854855061 CET	40035	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.861280918 CET	53	40035	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.864633083 CET	45030	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.870939016 CET	53	45030	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.874301910 CET	45250	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.880673885 CET	53	45250	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.884514093 CET	57564	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.891244888 CET	53	57564	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.895098925 CET	40195	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.901782036 CET	53	40195	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.906419992 CET	40003	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.912820101 CET	53	40003	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.916488886 CET	38408	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.922544956 CET	53	38408	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.926255941 CET	48197	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.932440042 CET	53	48197	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.936180115 CET	43016	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.942493916 CET	53	43016	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:44.946393013 CET	49080	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:44.952322960 CET	53	49080	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.605802059 CET	52040	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.613894939 CET	53	52040	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.615470886 CET	45034	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.621737957 CET	53	45034	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.623001099 CET	56933	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.629465103 CET	53	56933	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.630851984 CET	51230	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.637126923 CET	53	51230	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.638483047 CET	44957	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.644761086 CET	53	44957	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.646265030 CET	39034	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.652379990 CET	53	39034	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.682416916 CET	41014	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.688672066 CET	53	41014	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.705038071 CET	55209	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.711359978 CET	53	55209	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.721986055 CET	33157	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.728915930 CET	53	33157	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:45.737809896 CET	58839	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:45.744131088 CET	53	58839	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.398751020 CET	52602	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.405234098 CET	53	52602	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.407533884 CET	58733	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.413625002 CET	53	58733	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.416666031 CET	59418	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.423427105 CET	53	59418	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.426047087 CET	58880	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.432598114 CET	53	58880	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.435030937 CET	47579	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.441199064 CET	53	47579	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.443919897 CET	41601	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.451484919 CET	53	41601	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.454483032 CET	43325	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.460798025 CET	53	43325	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.463303089 CET	45119	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.470674038 CET	53	45119	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.473781109 CET	36195	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.481385946 CET	53	36195	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:46.485127926 CET	51528	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:46.491341114 CET	53	51528	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.129900932 CET	47254	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.136321068 CET	53	47254	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.137818098 CET	38249	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.144040108 CET	53	38249	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.145282984 CET	40496	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.151515007 CET	53	40496	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.152924061 CET	56603	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.159348965 CET	53	56603	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.160247087 CET	50164	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.166492939 CET	53	50164	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.168405056 CET	42236	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.174663067 CET	53	42236	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.176258087 CET	48152	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.182557106 CET	53	48152	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.184510946 CET	36642	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.190754890 CET	53	36642	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.192115068 CET	58310	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.198484898 CET	53	58310	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.199444056 CET	51422	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.206355095 CET	53	51422	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.865509033 CET	40488	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.871846914 CET	53	40488	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.876323938 CET	43208	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.882703066 CET	53	43208	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.888025045 CET	45529	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.894318104 CET	53	45529	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.904562950 CET	38663	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.910872936 CET	53	38663	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.916976929 CET	45272	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.923259974 CET	53	45272	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.929249048 CET	32988	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.935472965 CET	53	32988	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.941482067 CET	36298	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.947690964 CET	53	36298	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.952191114 CET	41535	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.958509922 CET	53	41535	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.963481903 CET	53114	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.969670057 CET	53	53114	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:47.974164009 CET	35071	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:47.980714083 CET	53	35071	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.627358913 CET	42549	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.633745909 CET	53	42549	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.637371063 CET	49916	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.643352032 CET	53	49916	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.645982027 CET	52018	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.652448893 CET	53	52018	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.657183886 CET	44475	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.663609982 CET	53	44475	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.667617083 CET	45161	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.673968077 CET	53	45161	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.676501989 CET	40137	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.682562113 CET	53	40137	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.685183048 CET	55265	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.691354990 CET	53	55265	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.694484949 CET	42484	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.700592041 CET	53	42484	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.705965042 CET	54869	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.712028980 CET	53	54869	8.8.8.8	192.168.2.15
Jan 7, 2025 01:23:48.717293024 CET	44541	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:23:48.723582983 CET	53	44541	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.227055073 CET	44352	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.233387947 CET	53	44352	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.255125046 CET	38820	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.261394978 CET	53	38820	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.300307989 CET	44540	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.306516886 CET	53	44540	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.326564074 CET	37218	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.332743883 CET	53	37218	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.352210999 CET	48545	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.358936071 CET	53	48545	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.381802082 CET	33301	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.388164043 CET	53	33301	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.410939932 CET	33966	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.417535067 CET	53	33966	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.437072992 CET	39284	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.443445921 CET	53	39284	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.463346004 CET	47091	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.469477892 CET	53	47091	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:02.489579916 CET	49557	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:02.495807886 CET	53	49557	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.176647902 CET	42536	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.183182001 CET	53	42536	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.205339909 CET	32821	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.211472988 CET	53	32821	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.230231047 CET	53608	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.236457109 CET	53	53608	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.252120972 CET	57989	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.258352041 CET	53	57989	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.271106005 CET	57577	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.277451038 CET	53	57577	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.292309046 CET	40403	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.298628092 CET	53	40403	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.310894012 CET	32936	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.317110062 CET	53	32936	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.330998898 CET	41010	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.337179899 CET	53	41010	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.350797892 CET	43426	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.357125998 CET	53	43426	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:03.369071960 CET	50920	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:03.375416994 CET	53	50920	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.047583103 CET	57822	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.053857088 CET	53	57822	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.062794924 CET	36657	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.069088936 CET	53	36657	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.077147961 CET	44236	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.084161043 CET	53	44236	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.092744112 CET	33638	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.098975897 CET	53	33638	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.112015963 CET	43645	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.118418932 CET	53	43645	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.132736921 CET	52472	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.139067888 CET	53	52472	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.150475979 CET	39156	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.157088041 CET	53	39156	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.169809103 CET	42126	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.176166058 CET	53	42126	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.187376022 CET	48683	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.194350004 CET	53	48683	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:04.206588984 CET	50065	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:04.212941885 CET	53	50065	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.425070047 CET	54652	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.431298018 CET	53	54652	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.446253061 CET	39529	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.452574015 CET	53	39529	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.469396114 CET	35105	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.476942062 CET	53	35105	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.500356913 CET	37868	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.506479979 CET	53	37868	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.536428928 CET	55481	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.542608023 CET	53	55481	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.558839083 CET	54047	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.565068007 CET	53	54047	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.581286907 CET	60847	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.587548971 CET	53	60847	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.598490000 CET	33032	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.604528904 CET	53	33032	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.615979910 CET	44783	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.622195959 CET	53	44783	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:05.635106087 CET	39606	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:05.641159058 CET	53	39606	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.293764114 CET	38823	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.300081968 CET	53	38823	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.311219931 CET	49391	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.317241907 CET	53	49391	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.327116013 CET	49106	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.333493948 CET	53	49106	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.348618031 CET	44539	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.354784012 CET	53	44539	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.372097969 CET	40567	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.378312111 CET	53	40567	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.412178040 CET	47173	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.418822050 CET	53	47173	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.440670967 CET	51354	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.446959019 CET	53	51354	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.469466925 CET	38001	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.478193998 CET	53	38001	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.504167080 CET	47647	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.510494947 CET	53	47647	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:06.535698891 CET	47258	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:06.542001963 CET	53	47258	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.231393099 CET	42198	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.238323927 CET	53	42198	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.249654055 CET	45462	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.256041050 CET	53	45462	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.267646074 CET	60276	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.273869991 CET	53	60276	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.282928944 CET	51055	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.289258003 CET	53	51055	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.300571918 CET	41171	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.307157993 CET	53	41171	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.318485022 CET	59775	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.324894905 CET	53	59775	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.336520910 CET	44087	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.343221903 CET	53	44087	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.354461908 CET	37061	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.360686064 CET	53	37061	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.371576071 CET	50571	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.377898932 CET	53	50571	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:07.391063929 CET	33395	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:07.397469997 CET	53	33395	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.060025930 CET	56280	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.066483974 CET	53	56280	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.089531898 CET	58964	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.096012115 CET	53	58964	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.134491920 CET	43116	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.140894890 CET	53	43116	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.163487911 CET	55426	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.169909000 CET	53	55426	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.181659937 CET	56079	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.188472033 CET	53	56079	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.199289083 CET	42092	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.205667019 CET	53	42092	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.216640949 CET	48386	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.222934008 CET	53	48386	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.235409021 CET	40667	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.241605043 CET	53	40667	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.258625031 CET	42535	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.264915943 CET	53	42535	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.280728102 CET	40169	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.286854029 CET	53	40169	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.949736118 CET	50494	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.956892014 CET	53	50494	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.971334934 CET	41299	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.978648901 CET	53	41299	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:08.991915941 CET	59370	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:08.998929024 CET	53	59370	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.012517929 CET	39077	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.019948959 CET	53	39077	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.031342983 CET	60129	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.038512945 CET	53	60129	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.050194979 CET	34160	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.058006048 CET	53	34160	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.082833052 CET	56224	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.092245102 CET	53	56224	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.114763975 CET	35763	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.121938944 CET	53	35763	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.145339966 CET	56038	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.152817965 CET	53	56038	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.176917076 CET	53416	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.184945107 CET	53	53416	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.891392946 CET	33366	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.897819042 CET	53	33366	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.922703028 CET	53349	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.931598902 CET	53	53349	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.963309050 CET	37209	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:09.972155094 CET	53	37209	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:09.995357037 CET	43099	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.003540993 CET	53	43099	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.017293930 CET	58012	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.023607016 CET	53	58012	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.035415888 CET	55582	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.044027090 CET	53	55582	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.057842970 CET	44379	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.064131975 CET	53	44379	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.080238104 CET	53875	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.086457968 CET	53	53875	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.101816893 CET	35064	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.108067036 CET	53	35064	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.125468016 CET	37555	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.131711960 CET	53	37555	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.781498909 CET	56106	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.788079023 CET	53	56106	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.800772905 CET	34617	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.807064056 CET	53	34617	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.823688030 CET	48338	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.829885960 CET	53	48338	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.841499090 CET	36795	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.847959042 CET	53	36795	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.863715887 CET	55887	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.870121002 CET	53	55887	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.878422022 CET	52986	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.884687901 CET	53	52986	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.892879009 CET	53537	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.899177074 CET	53	53537	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.914659977 CET	55655	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.920928955 CET	53	55655	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.934704065 CET	55316	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.940898895 CET	53	55316	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:10.963336945 CET	51494	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:10.969528913 CET	53	51494	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.644097090 CET	34605	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.652704954 CET	53	34605	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.664134026 CET	36737	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.673101902 CET	53	36737	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.684889078 CET	36567	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.693392992 CET	53	36567	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.705787897 CET	44265	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.714637041 CET	53	44265	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.725336075 CET	38218	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.734198093 CET	53	38218	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.747946978 CET	54059	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.756891966 CET	53	54059	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.771797895 CET	50293	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.783380032 CET	53	50293	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.795530081 CET	48557	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.804754019 CET	53	48557	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.814346075 CET	48821	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.823381901 CET	53	48821	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:11.831064939 CET	53294	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:11.840264082 CET	53	53294	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.486782074 CET	60176	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.493422031 CET	53	60176	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.503956079 CET	53241	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.510314941 CET	53	53241	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.521039963 CET	58635	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.527657986 CET	53	58635	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.539525032 CET	35214	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.545878887 CET	53	35214	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.558398962 CET	55322	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.564702988 CET	53	55322	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.575524092 CET	46620	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.581734896 CET	53	46620	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.592698097 CET	52908	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.599108934 CET	53	52908	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.609999895 CET	46323	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.616383076 CET	53	46323	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.627130985 CET	45371	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.633344889 CET	53	45371	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:12.644043922 CET	47648	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:12.650317907 CET	53	47648	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.313275099 CET	41188	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.319719076 CET	53	41188	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.330168962 CET	52015	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.336456060 CET	53	52015	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.348299980 CET	52154	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.355849028 CET	53	52154	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.368525028 CET	47128	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.374874115 CET	53	47128	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.385397911 CET	50758	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.391608953 CET	53	50758	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.403204918 CET	45442	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.409579039 CET	53	45442	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.419286013 CET	60029	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.425693989 CET	53	60029	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.436206102 CET	34622	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.444781065 CET	53	34622	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.455651045 CET	41891	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.464025974 CET	53	41891	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:13.472265959 CET	36853	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:13.478940964 CET	53	36853	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.170804024 CET	46752	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.177263021 CET	53	46752	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.192806959 CET	41610	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.199027061 CET	53	41610	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.215419054 CET	38567	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.221838951 CET	53	38567	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.238658905 CET	57928	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.245325089 CET	53	57928	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.254487038 CET	57773	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.260617018 CET	53	57773	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.270905018 CET	36264	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.277307987 CET	53	36264	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.288788080 CET	57113	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.295022011 CET	53	57113	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.308013916 CET	46096	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.315431118 CET	53	46096	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.337282896 CET	54557	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.343494892 CET	53	54557	8.8.8.8	192.168.2.15
Jan 7, 2025 01:25:14.360935926 CET	41331	53	192.168.2.15	8.8.8.8
Jan 7, 2025 01:25:14.367223024 CET	53	41331	8.8.8.8	192.168.2.15

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 7, 2025 01:23:52.850991011 CET	192.168.2.15	192.168.2.1	827b	(Port unreachable)	Destination Unreachable
Jan 7, 2025 01:25:12.862476110 CET	192.168.2.15	192.168.2.1	827b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 01:23:42.563776970 CET	192.168.2.15	8.8.8.8	0x226c	Standard query (0)	fingwi.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Jan 7, 2025 01:23:42.614963055 CET	192.168.2.15	8.8.8.8	0x5dc4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	270	false
Jan 7, 2025 01:23:42.625274897 CET	192.168.2.15	8.8.8.8	0x5dc4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	270	false
Jan 7, 2025 01:23:42.642179966 CET	192.168.2.15	8.8.8.8	0x5dc4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	270	false
Jan 7, 2025 01:23:42.658710957 CET	192.168.2.15	8.8.8.8	0x5dc4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	270	false
Jan 7, 2025 01:23:42.668656111 CET	192.168.2.15	8.8.8.8	0x5dc4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	270	false
Jan 7, 2025 01:23:43.366941929 CET	192.168.2.15	8.8.8.8	0x5f6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	271	false
Jan 7, 2025 01:23:43.375457048 CET	192.168.2.15	8.8.8.8	0x5f6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	271	false
Jan 7, 2025 01:23:43.384386063 CET	192.168.2.15	8.8.8.8	0x5f6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	271	false
Jan 7, 2025 01:23:43.393170118 CET	192.168.2.15	8.8.8.8	0x5f6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	271	false
Jan 7, 2025 01:23:43.401175022 CET	192.168.2.15	8.8.8.8	0x5f6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	271	false
Jan 7, 2025 01:23:44.182491064 CET	192.168.2.15	8.8.8.8	0xdf1a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.190237999 CET	192.168.2.15	8.8.8.8	0xdf1a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.198378086 CET	192.168.2.15	8.8.8.8	0xdf1a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.207138062 CET	192.168.2.15	8.8.8.8	0xdf1a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.215845108 CET	192.168.2.15	8.8.8.8	0xdf1a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.906419992 CET	192.168.2.15	8.8.8.8	0x3ec4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.916488886 CET	192.168.2.15	8.8.8.8	0x3ec4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.926255941 CET	192.168.2.15	8.8.8.8	0x3ec4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.936180115 CET	192.168.2.15	8.8.8.8	0x3ec4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:44.946393013 CET	192.168.2.15	8.8.8.8	0x3ec4	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	272	false
Jan 7, 2025 01:23:45.646265030 CET	192.168.2.15	8.8.8.8	0x64eb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	273	false
Jan 7, 2025 01:23:45.682416916 CET	192.168.2.15	8.8.8.8	0x64eb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	273	false
Jan 7, 2025 01:23:45.705038071 CET	192.168.2.15	8.8.8.8	0x64eb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	273	false
Jan 7, 2025 01:23:45.721986055 CET	192.168.2.15	8.8.8.8	0x64eb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	273	false
Jan 7, 2025 01:23:45.737809896 CET	192.168.2.15	8.8.8.8	0x64eb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	273	false
Jan 7, 2025 01:23:46.443919897 CET	192.168.2.15	8.8.8.8	0xe817	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	274	false
Jan 7, 2025 01:23:46.454483032 CET	192.168.2.15	8.8.8.8	0xe817	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	274	false
Jan 7, 2025 01:23:46.463303089 CET	192.168.2.15	8.8.8.8	0xe817	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	274	false
Jan 7, 2025 01:23:46.473781109 CET	192.168.2.15	8.8.8.8	0xe817	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	274	false
Jan 7, 2025 01:23:46.485127926 CET	192.168.2.15	8.8.8.8	0xe817	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	274	false
Jan 7, 2025 01:23:47.168405056 CET	192.168.2.15	8.8.8.8	0xaa72	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.176258087 CET	192.168.2.15	8.8.8.8	0xaa72	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.184510946 CET	192.168.2.15	8.8.8.8	0xaa72	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.192115068 CET	192.168.2.15	8.8.8.8	0xaa72	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.199444056 CET	192.168.2.15	8.8.8.8	0xaa72	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.929249048 CET	192.168.2.15	8.8.8.8	0xc58d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.941482067 CET	192.168.2.15	8.8.8.8	0xc58d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.952191114 CET	192.168.2.15	8.8.8.8	0xc58d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.963481903 CET	192.168.2.15	8.8.8.8	0xc58d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:47.974164009 CET	192.168.2.15	8.8.8.8	0xc58d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	275	false
Jan 7, 2025 01:23:48.676501989 CET	192.168.2.15	8.8.8.8	0x567c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	276	false
Jan 7, 2025 01:23:48.685183048 CET	192.168.2.15	8.8.8.8	0x567c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	276	false
Jan 7, 2025 01:23:48.694484949 CET	192.168.2.15	8.8.8.8	0x567c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	276	false
Jan 7, 2025 01:23:48.705965042 CET	192.168.2.15	8.8.8.8	0x567c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	276	false
Jan 7, 2025 01:23:48.717293024 CET	192.168.2.15	8.8.8.8	0x567c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	276	false
Jan 7, 2025 01:25:02.381802082 CET	192.168.2.15	8.8.8.8	0xbf85	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	350	false
Jan 7, 2025 01:25:02.410939932 CET	192.168.2.15	8.8.8.8	0xbf85	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	350	false
Jan 7, 2025 01:25:02.437072992 CET	192.168.2.15	8.8.8.8	0xbf85	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	350	false
Jan 7, 2025 01:25:02.463346004 CET	192.168.2.15	8.8.8.8	0xbf85	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	350	false
Jan 7, 2025 01:25:02.489579916 CET	192.168.2.15	8.8.8.8	0xbf85	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	350	false
Jan 7, 2025 01:25:03.292309046 CET	192.168.2.15	8.8.8.8	0xcfa6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	351	false
Jan 7, 2025 01:25:03.310894012 CET	192.168.2.15	8.8.8.8	0xcfa6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	351	false
Jan 7, 2025 01:25:03.330998898 CET	192.168.2.15	8.8.8.8	0xcfa6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	351	false
Jan 7, 2025 01:25:03.350797892 CET	192.168.2.15	8.8.8.8	0xcfa6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	351	false
Jan 7, 2025 01:25:03.369071960 CET	192.168.2.15	8.8.8.8	0xcfa6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	351	false
Jan 7, 2025 01:25:04.132736921 CET	192.168.2.15	8.8.8.8	0x8aff	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	352	false
Jan 7, 2025 01:25:04.150475979 CET	192.168.2.15	8.8.8.8	0x8aff	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	352	false
Jan 7, 2025 01:25:04.169809103 CET	192.168.2.15	8.8.8.8	0x8aff	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	352	false
Jan 7, 2025 01:25:04.187376022 CET	192.168.2.15	8.8.8.8	0x8aff	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	352	false
Jan 7, 2025 01:25:04.206588984 CET	192.168.2.15	8.8.8.8	0x8aff	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	352	false
Jan 7, 2025 01:25:05.558839083 CET	192.168.2.15	8.8.8.8	0x68fd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	353	false
Jan 7, 2025 01:25:05.581286907 CET	192.168.2.15	8.8.8.8	0x68fd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	353	false
Jan 7, 2025 01:25:05.598490000 CET	192.168.2.15	8.8.8.8	0x68fd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	353	false
Jan 7, 2025 01:25:05.615979910 CET	192.168.2.15	8.8.8.8	0x68fd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	353	false
Jan 7, 2025 01:25:05.635106087 CET	192.168.2.15	8.8.8.8	0x68fd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	353	false
Jan 7, 2025 01:25:06.412178040 CET	192.168.2.15	8.8.8.8	0x56d2	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	354	false
Jan 7, 2025 01:25:06.440670967 CET	192.168.2.15	8.8.8.8	0x56d2	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	354	false
Jan 7, 2025 01:25:06.469466925 CET	192.168.2.15	8.8.8.8	0x56d2	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	354	false
Jan 7, 2025 01:25:06.504167080 CET	192.168.2.15	8.8.8.8	0x56d2	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	354	false
Jan 7, 2025 01:25:06.535698891 CET	192.168.2.15	8.8.8.8	0x56d2	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	354	false
Jan 7, 2025 01:25:07.318485022 CET	192.168.2.15	8.8.8.8	0xcd77	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	355	false
Jan 7, 2025 01:25:07.336520910 CET	192.168.2.15	8.8.8.8	0xcd77	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	355	false
Jan 7, 2025 01:25:07.354461908 CET	192.168.2.15	8.8.8.8	0xcd77	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	355	false
Jan 7, 2025 01:25:07.371576071 CET	192.168.2.15	8.8.8.8	0xcd77	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	355	false
Jan 7, 2025 01:25:07.391063929 CET	192.168.2.15	8.8.8.8	0xcd77	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	355	false
Jan 7, 2025 01:25:08.199289083 CET	192.168.2.15	8.8.8.8	0x1104	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	356	false
Jan 7, 2025 01:25:08.216640949 CET	192.168.2.15	8.8.8.8	0x1104	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	356	false
Jan 7, 2025 01:25:08.235409021 CET	192.168.2.15	8.8.8.8	0x1104	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	356	false
Jan 7, 2025 01:25:08.258625031 CET	192.168.2.15	8.8.8.8	0x1104	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	356	false
Jan 7, 2025 01:25:08.280728102 CET	192.168.2.15	8.8.8.8	0x1104	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	356	false
Jan 7, 2025 01:25:09.050194979 CET	192.168.2.15	8.8.8.8	0xf12c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	357	false
Jan 7, 2025 01:25:09.082833052 CET	192.168.2.15	8.8.8.8	0xf12c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	357	false
Jan 7, 2025 01:25:09.114763975 CET	192.168.2.15	8.8.8.8	0xf12c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	357	false
Jan 7, 2025 01:25:09.145339966 CET	192.168.2.15	8.8.8.8	0xf12c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	357	false
Jan 7, 2025 01:25:09.176917076 CET	192.168.2.15	8.8.8.8	0xf12c	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	357	false
Jan 7, 2025 01:25:10.035415888 CET	192.168.2.15	8.8.8.8	0x9730	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.057842970 CET	192.168.2.15	8.8.8.8	0x9730	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.080238104 CET	192.168.2.15	8.8.8.8	0x9730	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.101816893 CET	192.168.2.15	8.8.8.8	0x9730	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.125468016 CET	192.168.2.15	8.8.8.8	0x9730	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.878422022 CET	192.168.2.15	8.8.8.8	0xcce7	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.892879009 CET	192.168.2.15	8.8.8.8	0xcce7	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.914659977 CET	192.168.2.15	8.8.8.8	0xcce7	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.934704065 CET	192.168.2.15	8.8.8.8	0xcce7	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:10.963336945 CET	192.168.2.15	8.8.8.8	0xcce7	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	358	false
Jan 7, 2025 01:25:11.747946978 CET	192.168.2.15	8.8.8.8	0xacfb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	359	false
Jan 7, 2025 01:25:11.771797895 CET	192.168.2.15	8.8.8.8	0xacfb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	359	false
Jan 7, 2025 01:25:11.795530081 CET	192.168.2.15	8.8.8.8	0xacfb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	359	false
Jan 7, 2025 01:25:11.814346075 CET	192.168.2.15	8.8.8.8	0xacfb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	359	false
Jan 7, 2025 01:25:11.831064939 CET	192.168.2.15	8.8.8.8	0xacfb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	359	false
Jan 7, 2025 01:25:12.575524092 CET	192.168.2.15	8.8.8.8	0x650a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	360	false
Jan 7, 2025 01:25:12.592698097 CET	192.168.2.15	8.8.8.8	0x650a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	360	false
Jan 7, 2025 01:25:12.609999895 CET	192.168.2.15	8.8.8.8	0x650a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	360	false
Jan 7, 2025 01:25:12.627130985 CET	192.168.2.15	8.8.8.8	0x650a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	360	false
Jan 7, 2025 01:25:12.644043922 CET	192.168.2.15	8.8.8.8	0x650a	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	360	false
Jan 7, 2025 01:25:13.403204918 CET	192.168.2.15	8.8.8.8	0x23bf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 7, 2025 01:25:13.419286013 CET	192.168.2.15	8.8.8.8	0x23bf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 7, 2025 01:25:13.436206102 CET	192.168.2.15	8.8.8.8	0x23bf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 7, 2025 01:25:13.455651045 CET	192.168.2.15	8.8.8.8	0x23bf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 7, 2025 01:25:13.472265959 CET	192.168.2.15	8.8.8.8	0x23bf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 7, 2025 01:25:14.270905018 CET	192.168.2.15	8.8.8.8	0x5a62	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 7, 2025 01:25:14.288788080 CET	192.168.2.15	8.8.8.8	0x5a62	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 7, 2025 01:25:14.308013916 CET	192.168.2.15	8.8.8.8	0x5a62	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 7, 2025 01:25:14.337282896 CET	192.168.2.15	8.8.8.8	0x5a62	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 7, 2025 01:25:14.360935926 CET	192.168.2.15	8.8.8.8	0x5a62	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 01:23:42.569969893 CET	8.8.8.8	192.168.2.15	0x226c	No error (0)	fingwi.cardiacpure.ru		178.215.238.112	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: wrjkngh4.elf PID: 5817, Parent PID: 5745

General

Start time (UTC):	00:23:41
Start date (UTC):	07/01/2025
Path:	/tmp/wrjkngh4.elf
Arguments:	/tmp/wrjkngh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: wrjkngh4.elf PID: 5820, Parent PID: 5817

General

Start time (UTC):	00:23:41
Start date (UTC):	07/01/2025
Path:	/tmp/wrjkngh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: wrjkngh4.elf PID: 5822, Parent PID: 5820

General

Start time (UTC):	00:23:41
Start date (UTC):	07/01/2025
Path:	/tmp/wrjkngh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: gnome-session-binary PID: 5824, Parent PID: 1498

General

Start time (UTC):	00:23:42
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5824, Parent PID: 1498

General

Start time (UTC):	00:23:42
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-rfkill PID: 5824, Parent PID: 1498

General

Start time (UTC):	00:23:42
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-rfkill
Arguments:	/usr/libexec/gsd-rfkill
File size:	51808 bytes
MD5 hash:	88a16a3c0aba1759358c06215ecfb5cc

Chronological Activities

Analysis Process: systemd PID: 5859, Parent PID: 1

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 5859, Parent PID: 1

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: gvfsd-fuse PID: 5860, Parent PID: 3210

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Chronological Activities

Analysis Process: fusermount PID: 5860, Parent PID: 3210

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Chronological Activities

Analysis Process: systemd PID: 5861, Parent PID: 3044

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: pulseaudio PID: 5861, Parent PID: 3044

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Chronological Activities

Analysis Process: systemd PID: 5862, Parent PID: 1

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 5862, Parent PID: 1

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 5863, Parent PID: 1

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 5863, Parent PID: 1

General

Start time (UTC):	00:23:43
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 5867, Parent PID: 1

General

Start time (UTC):	00:23:44
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 5867, Parent PID: 1

General

Start time (UTC):	00:23:44
Start date (UTC):	07/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 5877, Parent PID: 1

General

Start time (UTC):	00:23:45
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-logind PID: 5877, Parent PID: 1

General

Start time (UTC):	00:23:45
Start date (UTC):	07/01/2025
Path:	/lib/systemd/systemd-logind
Arguments:	/lib/systemd/systemd-logind
File size:	268576 bytes
MD5 hash:	8dd58a1b4c12f7a1d5fe3ce18b2aaeef

Chronological Activities

Analysis Process: systemd PID: 5936, Parent PID: 1

General

Start time (UTC):	00:23:45
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: agetty PID: 5936, Parent PID: 1

General

Start time (UTC):	00:23:45
Start date (UTC):	07/01/2025
Path:	/sbin/agetty
Arguments:	/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
File size:	69000 bytes
MD5 hash:	3a374724ba7e863768139bdd60ca36f7

Chronological Activities

Analysis Process: gdm3 PID: 5937, Parent PID: 1333

General

Start time (UTC):	00:23:45
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5937, Parent PID: 1333

General

Start time (UTC):	00:23:45
Start date (UTC):	07/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 5938, Parent PID: 1333

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5938, Parent PID: 1333

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 5939, Parent PID: 1333

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5939, Parent PID: 1333

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 5940, Parent PID: 1

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 5940, Parent PID: 1

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 5941, Parent PID: 1

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: agetty PID: 5941, Parent PID: 1

General

Start time (UTC):	00:23:46
Start date (UTC):	07/01/2025
Path:	/sbin/agetty
Arguments:	/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
File size:	69000 bytes
MD5 hash:	3a374724ba7e863768139bdd60ca36f7

Chronological Activities

Analysis Process: systemd PID: 5942, Parent PID: 1

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 5942, Parent PID: 1

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 5943, Parent PID: 1

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 5943, Parent PID: 1

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: gpu-manager PID: 5944, Parent PID: 5943

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 5944, Parent PID: 5943

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5945, Parent PID: 5944

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 5945, Parent PID: 5944

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 5949, Parent PID: 5943

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 5949, Parent PID: 5943

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5950, Parent PID: 5949

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 5950, Parent PID: 5949

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 5951, Parent PID: 5943

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 5951, Parent PID: 5943

General

Start time (UTC):	00:23:47
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5952, Parent PID: 5951

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 5952, Parent PID: 5951

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 5953, Parent PID: 5943

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 5953, Parent PID: 5943

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5954, Parent PID: 5953

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 5954, Parent PID: 5953

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 5955, Parent PID: 5943

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 5955, Parent PID: 5943

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5956, Parent PID: 5955

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 5956, Parent PID: 5955

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 6018, Parent PID: 5943

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6018, Parent PID: 5943

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6019, Parent PID: 6018

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 6019, Parent PID: 6018

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 6023, Parent PID: 5943

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6023, Parent PID: 5943

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6024, Parent PID: 6023

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 6024, Parent PID: 6023

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: gpu-manager PID: 6087, Parent PID: 5943

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6087, Parent PID: 5943

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6088, Parent PID: 6087

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: grep PID: 6088, Parent PID: 6087

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Chronological Activities

Analysis Process: systemd PID: 5959, Parent PID: 1

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-logind PID: 5959, Parent PID: 1

General

Start time (UTC):	00:23:48
Start date (UTC):	07/01/2025
Path:	/lib/systemd/systemd-logind
Arguments:	/lib/systemd/systemd-logind
File size:	268576 bytes
MD5 hash:	8dd58a1b4c12f7a1d5fe3ce18b2aaeef

Chronological Activities

Analysis Process: systemd PID: 6022, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: journalctl PID: 6022, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --smart-relinquish-var
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: systemd PID: 6027, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-logind PID: 6027, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/lib/systemd/systemd-logind
Arguments:	/lib/systemd/systemd-logind
File size:	268576 bytes
MD5 hash:	8dd58a1b4c12f7a1d5fe3ce18b2aaeef

Chronological Activities

Analysis Process: systemd PID: 6037, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6037, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6089, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6089, Parent PID: 1

General

Start time (UTC):	00:23:49
Start date (UTC):	07/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6090, Parent PID: 1

General

Start time (UTC):	00:23:50
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6090, Parent PID: 1

General

Start time (UTC):	00:23:50
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6094, Parent PID: 1

General

Start time (UTC):	00:23:51
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6094, Parent PID: 1

General

Start time (UTC):	00:23:51
Start date (UTC):	07/01/2025
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6095, Parent PID: 6094

General

Start time (UTC):	00:23:51
Start date (UTC):	07/01/2025
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 6095, Parent PID: 6094

General

Start time (UTC):	00:23:51
Start date (UTC):	07/01/2025
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: systemd PID: 6096, Parent PID: 1

General

Start time (UTC):	00:23:53
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gdm-wait-for-drm PID: 6096, Parent PID: 1

General

Start time (UTC):	00:23:53
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-wait-for-drm
Arguments:	/usr/lib/gdm3/gdm-wait-for-drm
File size:	14640 bytes
MD5 hash:	82043ba752c6930b4e6aaea2f7747545

Chronological Activities

Analysis Process: systemd PID: 6097, Parent PID: 1

General

Start time (UTC):	00:23:53
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: journalctl PID: 6097, Parent PID: 1

General

Start time (UTC):	00:23:53
Start date (UTC):	07/01/2025
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --flush
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: systemd PID: 6103, Parent PID: 1

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gdm3 PID: 6103, Parent PID: 1

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	/usr/sbin/gdm3
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: gdm3 PID: 6106, Parent PID: 6103

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: plymouth PID: 6106, Parent PID: 6103

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/bin/plymouth
Arguments:	plymouth --ping
File size:	51352 bytes
MD5 hash:	87003efd8dad470042f5e75360a8f49f

Chronological Activities

Analysis Process: gdm3 PID: 6122, Parent PID: 6103

General

Start time (UTC):	00:24:05
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: gdm-session-worker PID: 6122, Parent PID: 6103

General

Start time (UTC):	00:24:05
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	"gdm-session-worker [pam/gdm-launch-environment]"
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-session-worker PID: 6126, Parent PID: 6122

General

Start time (UTC):	00:24:06
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	-
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-wayland-session PID: 6126, Parent PID: 6122

General

Start time (UTC):	00:24:06
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-wayland-session
Arguments:	/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
File size:	76368 bytes
MD5 hash:	d3def63cf1e83f7fb8a0f13b1744ff7c

Chronological Activities

Analysis Process: gdm-wayland-session PID: 6130, Parent PID: 6126

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-wayland-session
Arguments:	-
File size:	76368 bytes
MD5 hash:	d3def63cf1e83f7fb8a0f13b1744ff7c

Chronological Activities

Analysis Process: dbus-run-session PID: 6130, Parent PID: 6126

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-run-session
Arguments:	dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-run-session PID: 6131, Parent PID: 6130

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-daemon PID: 6131, Parent PID: 6130

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	dbus-daemon --nofork --print-address 4 --session
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6135, Parent PID: 6131

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6136, Parent PID: 6135

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6136, Parent PID: 6135

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6138, Parent PID: 6131

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6139, Parent PID: 6138

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6139, Parent PID: 6138

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6140, Parent PID: 6131

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6141, Parent PID: 6140

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6141, Parent PID: 6140

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6142, Parent PID: 6131

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6143, Parent PID: 6142

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6143, Parent PID: 6142

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6144, Parent PID: 6131

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6145, Parent PID: 6144

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6145, Parent PID: 6144

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6146, Parent PID: 6131

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6147, Parent PID: 6146

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6147, Parent PID: 6146

General

Start time (UTC):	00:24:08
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6151, Parent PID: 6131

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6152, Parent PID: 6151

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6152, Parent PID: 6151

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-run-session PID: 6132, Parent PID: 6130

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: gnome-session PID: 6132, Parent PID: 6130

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/bin/gnome-session
Arguments:	gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-session-binary PID: 6132, Parent PID: 6130

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: gnome-session-binary PID: 6153, Parent PID: 6132

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: session-migration PID: 6153, Parent PID: 6132

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/usr/bin/session-migration
Arguments:	session-migration
File size:	22680 bytes
MD5 hash:	5227af42ebf14ac2fe2acddb002f68dc

Chronological Activities

Analysis Process: gnome-session-binary PID: 6154, Parent PID: 6132

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 6154, Parent PID: 6132

General

Start time (UTC):	00:24:09
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-shell PID: 6154, Parent PID: 6132

General

Start time (UTC):	00:24:10
Start date (UTC):	07/01/2025
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Chronological Activities

Analysis Process: gdm3 PID: 6160, Parent PID: 6103

General

Start time (UTC):	00:24:12
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: gdm-session-worker PID: 6160, Parent PID: 6103

General

Start time (UTC):	00:24:12
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	"gdm-session-worker [pam/gdm-launch-environment]"
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-session-worker PID: 6165, Parent PID: 6160

General

Start time (UTC):	00:24:13
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	-
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Chronological Activities

Analysis Process: gdm-x-session PID: 6165, Parent PID: 6160

General

Start time (UTC):	00:24:14
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: gdm-x-session PID: 6169, Parent PID: 6165

General

Start time (UTC):	00:24:14
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	-
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: Xorg PID: 6169, Parent PID: 6165

General

Start time (UTC):	00:24:14
Start date (UTC):	07/01/2025
Path:	/usr/bin/Xorg
Arguments:	/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: Xorg.wrap PID: 6169, Parent PID: 6165

General

Start time (UTC):	00:24:14
Start date (UTC):	07/01/2025
Path:	/usr/lib/xorg/Xorg.wrap
Arguments:	/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
File size:	14488 bytes
MD5 hash:	48993830888200ecf19dd7def0884dfd

Chronological Activities

Analysis Process: Xorg PID: 6169, Parent PID: 6165

General

Start time (UTC):	00:24:14
Start date (UTC):	07/01/2025
Path:	/usr/lib/xorg/Xorg
Arguments:	/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
File size:	2448840 bytes
MD5 hash:	730cf4c45a7ee8bea88abf165463b7f8

Chronological Activities

Analysis Process: Xorg PID: 6176, Parent PID: 6169

General

Start time (UTC):	00:24:21
Start date (UTC):	07/01/2025
Path:	/usr/lib/xorg/Xorg
Arguments:	-
File size:	2448840 bytes
MD5 hash:	730cf4c45a7ee8bea88abf165463b7f8

Chronological Activities

Analysis Process: sh PID: 6176, Parent PID: 6169

General

Start time (UTC):	00:24:21
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6177, Parent PID: 6176

General

Start time (UTC):	00:24:21
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: xkbcomp PID: 6177, Parent PID: 6176

General

Start time (UTC):	00:24:21
Start date (UTC):	07/01/2025
Path:	/usr/bin/xkbcomp
Arguments:	/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
File size:	217184 bytes
MD5 hash:	c5f953aec4c00d2a1cc27acb75d62c9b

Chronological Activities

Analysis Process: Xorg PID: 6401, Parent PID: 6169

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/lib/xorg/Xorg
Arguments:	-
File size:	2448840 bytes
MD5 hash:	730cf4c45a7ee8bea88abf165463b7f8

Chronological Activities

Analysis Process: sh PID: 6401, Parent PID: 6169

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6402, Parent PID: 6401

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: xkbcomp PID: 6402, Parent PID: 6401

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/bin/xkbcomp
Arguments:	/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
File size:	217184 bytes
MD5 hash:	c5f953aec4c00d2a1cc27acb75d62c9b

Chronological Activities

Analysis Process: gdm-x-session PID: 6182, Parent PID: 6165

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	-
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: Default PID: 6182, Parent PID: 6165

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/etc/gdm3/Prime/Default
Arguments:	/etc/gdm3/Prime/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm-x-session PID: 6183, Parent PID: 6165

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/lib/gdm3/gdm-x-session
Arguments:	-
File size:	96944 bytes
MD5 hash:	498a824333f1c1ec7767f4612d1887cc

Chronological Activities

Analysis Process: dbus-run-session PID: 6183, Parent PID: 6165

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-run-session
Arguments:	dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-run-session PID: 6184, Parent PID: 6183

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: dbus-daemon PID: 6184, Parent PID: 6183

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	dbus-daemon --nofork --print-address 4 --session
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6197, Parent PID: 6184

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6198, Parent PID: 6197

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: at-spi-bus-launcher PID: 6198, Parent PID: 6197

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/libexec/at-spi-bus-launcher
Arguments:	/usr/libexec/at-spi-bus-launcher
File size:	27008 bytes
MD5 hash:	1563f274acd4e7ba530a55bdc4c95682

Chronological Activities

Analysis Process: at-spi-bus-launcher PID: 6203, Parent PID: 6198

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/libexec/at-spi-bus-launcher
Arguments:	-
File size:	27008 bytes
MD5 hash:	1563f274acd4e7ba530a55bdc4c95682

Chronological Activities

Analysis Process: dbus-daemon PID: 6203, Parent PID: 6198

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6566, Parent PID: 6203

General

Start time (UTC):	00:24:45
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6567, Parent PID: 6566

General

Start time (UTC):	00:24:45
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: at-spi2-registryd PID: 6567, Parent PID: 6566

General

Start time (UTC):	00:24:45
Start date (UTC):	07/01/2025
Path:	/usr/libexec/at-spi2-registryd
Arguments:	/usr/libexec/at-spi2-registryd --use-gnome-session
File size:	100224 bytes
MD5 hash:	1d904c2693452edebc7ede3a9e24d440

Chronological Activities

Analysis Process: dbus-daemon PID: 6224, Parent PID: 6184

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6225, Parent PID: 6224

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6225, Parent PID: 6224

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6227, Parent PID: 6184

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6228, Parent PID: 6227

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6228, Parent PID: 6227

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6229, Parent PID: 6184

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6230, Parent PID: 6229

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6230, Parent PID: 6229

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6231, Parent PID: 6184

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6232, Parent PID: 6231

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6232, Parent PID: 6231

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6233, Parent PID: 6184

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6234, Parent PID: 6233

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6234, Parent PID: 6233

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6235, Parent PID: 6184

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6236, Parent PID: 6235

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6236, Parent PID: 6235

General

Start time (UTC):	00:24:31
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6238, Parent PID: 6184

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6239, Parent PID: 6238

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6239, Parent PID: 6238

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-daemon PID: 6403, Parent PID: 6184

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6404, Parent PID: 6403

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: ibus-portal PID: 6404, Parent PID: 6403

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/libexec/ibus-portal
Arguments:	/usr/libexec/ibus-portal
File size:	92536 bytes
MD5 hash:	562ad55bd9a4d54bd7b76746b01e37d3

Chronological Activities

Analysis Process: dbus-daemon PID: 6579, Parent PID: 6184

General

Start time (UTC):	00:24:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6580, Parent PID: 6579

General

Start time (UTC):	00:24:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: gjs PID: 6580, Parent PID: 6579

General

Start time (UTC):	00:24:47
Start date (UTC):	07/01/2025
Path:	/usr/bin/gjs
Arguments:	/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
File size:	23128 bytes
MD5 hash:	5f3eceb792bb65c22f23d1efb4fde3ad

Chronological Activities

Analysis Process: dbus-daemon PID: 6773, Parent PID: 6184

General

Start time (UTC):	00:24:58
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: dbus-daemon PID: 6774, Parent PID: 6773

General

Start time (UTC):	00:24:58
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: false PID: 6774, Parent PID: 6773

General

Start time (UTC):	00:24:58
Start date (UTC):	07/01/2025
Path:	/bin/false
Arguments:	/bin/false
File size:	39256 bytes
MD5 hash:	3177546c74e4f0062909eae43d948bfc

Chronological Activities

Analysis Process: dbus-run-session PID: 6185, Parent PID: 6183

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-run-session
Arguments:	-
File size:	14480 bytes
MD5 hash:	245f3ef6a268850b33b0225a8753b7f4

Chronological Activities

Analysis Process: gnome-session PID: 6185, Parent PID: 6183

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/bin/gnome-session
Arguments:	gnome-session --autostart /usr/share/gdm/greeter/autostart
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-session-binary PID: 6185, Parent PID: 6183

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: gnome-session-binary PID: 6186, Parent PID: 6185

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: gnome-session-check-accelerated PID: 6186, Parent PID: 6185

General

Start time (UTC):	00:24:25
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-check-accelerated
Arguments:	/usr/libexec/gnome-session-check-accelerated
File size:	18752 bytes
MD5 hash:	a64839518af85b2b9de31aca27646396

Analysis Process: gnome-session-check-accelerated PID: 6204, Parent PID: 6186

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-check-accelerated
Arguments:	-
File size:	18752 bytes
MD5 hash:	a64839518af85b2b9de31aca27646396

Analysis Process: gnome-session-check-accelerated-gl-helper PID: 6204, Parent PID: 6186

General

Start time (UTC):	00:24:29
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-check-accelerated-gl-helper
Arguments:	/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
File size:	22920 bytes
MD5 hash:	b1ab9a384f9e98a39ae5c36037dd5e78

Analysis Process: gnome-session-check-accelerated PID: 6213, Parent PID: 6186

General

Start time (UTC):	00:24:30
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-check-accelerated
Arguments:	-
File size:	18752 bytes
MD5 hash:	a64839518af85b2b9de31aca27646396

Analysis Process: gnome-session-check-accelerated-gles-helper PID: 6213, Parent PID: 6186

General

Start time (UTC):	00:24:30
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-check-accelerated-gles-helper
Arguments:	/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
File size:	14728 bytes
MD5 hash:	1bd78885765a18e60c05ed1fb5fa3bf8

Analysis Process: gnome-session-binary PID: 6240, Parent PID: 6185

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: session-migration PID: 6240, Parent PID: 6185

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/usr/bin/session-migration
Arguments:	session-migration
File size:	22680 bytes
MD5 hash:	5227af42ebf14ac2fe2acddb002f68dc

Analysis Process: gnome-session-binary PID: 6241, Parent PID: 6185

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6241, Parent PID: 6185

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gnome-shell PID: 6241, Parent PID: 6185

General

Start time (UTC):	00:24:32
Start date (UTC):	07/01/2025
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Analysis Process: gnome-shell PID: 6357, Parent PID: 6241

General

Start time (UTC):	00:24:41
Start date (UTC):	07/01/2025
Path:	/usr/bin/gnome-shell
Arguments:	-
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Analysis Process: ibus-daemon PID: 6357, Parent PID: 6241

General

Start time (UTC):	00:24:41
Start date (UTC):	07/01/2025
Path:	/usr/bin/ibus-daemon
Arguments:	ibus-daemon --panel disable --xim
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-daemon PID: 6397, Parent PID: 6357

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-memconf PID: 6397, Parent PID: 6357

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/libexec/ibus-memconf
Arguments:	/usr/libexec/ibus-memconf
File size:	22904 bytes
MD5 hash:	523e939905910d06598e66385761a822

Analysis Process: ibus-daemon PID: 6398, Parent PID: 6357

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-daemon PID: 6399, Parent PID: 6398

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-x11 PID: 6399, Parent PID: 1

General

Start time (UTC):	00:24:42
Start date (UTC):	07/01/2025
Path:	/usr/libexec/ibus-x11
Arguments:	/usr/libexec/ibus-x11 --kill-daemon
File size:	100352 bytes
MD5 hash:	2aa1e54666191243814c2733d6992dbd

Analysis Process: ibus-daemon PID: 6622, Parent PID: 6357

General

Start time (UTC):	00:24:55
Start date (UTC):	07/01/2025
Path:	/usr/bin/ibus-daemon
Arguments:	-
File size:	199088 bytes
MD5 hash:	1e00fb9860b198c73f6e364e3ff16f31

Analysis Process: ibus-engine-simple PID: 6622, Parent PID: 6357

General

Start time (UTC):	00:24:55
Start date (UTC):	07/01/2025
Path:	/usr/libexec/ibus-engine-simple
Arguments:	/usr/libexec/ibus-engine-simple
File size:	14712 bytes
MD5 hash:	0238866d5e8802a0ce1b1b9af8cb1376

Analysis Process: gnome-session-binary PID: 6596, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6596, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-sharing PID: 6596, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-sharing
Arguments:	/usr/libexec/gsd-sharing
File size:	35424 bytes
MD5 hash:	e29d9025d98590fbb69f89fdbd4438b3

Analysis Process: gnome-session-binary PID: 6598, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6598, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-wacom PID: 6598, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-wacom
Arguments:	/usr/libexec/gsd-wacom
File size:	39520 bytes
MD5 hash:	13778dd1a23a4e94ddc17ac9caa4fcc1

Analysis Process: gnome-session-binary PID: 6600, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6600, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-color PID: 6600, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-color
Arguments:	/usr/libexec/gsd-color
File size:	92832 bytes
MD5 hash:	ac2861ad93ce047283e8e87cefef9a19

Analysis Process: gnome-session-binary PID: 6601, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6601, Parent PID: 6185

General

Start time (UTC):	00:24:51
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-keyboard PID: 6601, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-keyboard
Arguments:	/usr/libexec/gsd-keyboard
File size:	39760 bytes
MD5 hash:	8e288fd17c80bb0a1148b964b2ac2279

Analysis Process: gnome-session-binary PID: 6602, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6602, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-print-notifications PID: 6602, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-print-notifications
Arguments:	/usr/libexec/gsd-print-notifications
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6775, Parent PID: 6602

General

Start time (UTC):	00:24:59
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-print-notifications
Arguments:	-
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6776, Parent PID: 6775

General

Start time (UTC):	00:24:59
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-print-notifications
Arguments:	-
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-printer PID: 6776, Parent PID: 1

General

Start time (UTC):	00:24:59
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-printer
Arguments:	/usr/libexec/gsd-printer
File size:	31120 bytes
MD5 hash:	7995828cf98c315fd55f2ffb3b22384d

Analysis Process: gnome-session-binary PID: 6604, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6604, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-rfkill PID: 6604, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-rfkill
Arguments:	/usr/libexec/gsd-rfkill
File size:	51808 bytes
MD5 hash:	88a16a3c0aba1759358c06215ecfb5cc

Analysis Process: gnome-session-binary PID: 6605, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6605, Parent PID: 6185

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-smartcard PID: 6605, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-smartcard
Arguments:	/usr/libexec/gsd-smartcard
File size:	109152 bytes
MD5 hash:	ea1fbd7f62e4cd0331eae2ef754ee605

Analysis Process: gnome-session-binary PID: 6608, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6608, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-datetime PID: 6608, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-datetime
Arguments:	/usr/libexec/gsd-datetime
File size:	76736 bytes
MD5 hash:	d80d39745740de37d6634d36e344d4bc

Analysis Process: gnome-session-binary PID: 6609, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6609, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-media-keys PID: 6609, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-media-keys
Arguments:	/usr/libexec/gsd-media-keys
File size:	232936 bytes
MD5 hash:	a425448c135afb4b8bfd79cc0b6b74da

Analysis Process: gnome-session-binary PID: 6610, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6610, Parent PID: 6185

General

Start time (UTC):	00:24:53
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-screensaver-proxy PID: 6610, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-screensaver-proxy
Arguments:	/usr/libexec/gsd-screensaver-proxy
File size:	27232 bytes
MD5 hash:	77e309450c87dceee43f1a9e50cc0d02

Analysis Process: gnome-session-binary PID: 6612, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6612, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-sound PID: 6612, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-sound
Arguments:	/usr/libexec/gsd-sound
File size:	31248 bytes
MD5 hash:	4c7d3fb993463337b4a0eb5c80c760ee

Analysis Process: gnome-session-binary PID: 6617, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6617, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-a11y-settings PID: 6617, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-a11y-settings
Arguments:	/usr/libexec/gsd-a11y-settings
File size:	23056 bytes
MD5 hash:	18e243d2cf30ecee7ea89d1462725c5c

Analysis Process: gnome-session-binary PID: 6620, Parent PID: 6185

General

Start time (UTC):	00:24:54
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6620, Parent PID: 6185

General

Start time (UTC):	00:24:55
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-housekeeping PID: 6620, Parent PID: 6185

General

Start time (UTC):	00:24:55
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-housekeeping
Arguments:	/usr/libexec/gsd-housekeeping
File size:	51840 bytes
MD5 hash:	b55f3394a84976ddb92a2915e5d76914

Analysis Process: gnome-session-binary PID: 6624, Parent PID: 6185

General

Start time (UTC):	00:24:55
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6624, Parent PID: 6185

General

Start time (UTC):	00:24:55
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-power PID: 6624, Parent PID: 6185

General

Start time (UTC):	00:24:56
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gsd-power
Arguments:	/usr/libexec/gsd-power
File size:	88672 bytes
MD5 hash:	28b8e1b43c3e7f1db6741ea1ecd978b7

Analysis Process: gnome-session-binary PID: 6951, Parent PID: 6185

General

Start time (UTC):	00:25:12
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6951, Parent PID: 6185

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: spice-vdagent PID: 6951, Parent PID: 6185

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/bin/spice-vdagent
Arguments:	/usr/bin/spice-vdagent
File size:	80664 bytes
MD5 hash:	80fb7f613aa78d1b8a229dbcf4577a9d

Analysis Process: gnome-session-binary PID: 6998, Parent PID: 6185

General

Start time (UTC):	00:25:15
Start date (UTC):	07/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6998, Parent PID: 6185

General

Start time (UTC):	00:25:15
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: xbrlapi PID: 6998, Parent PID: 6185

General

Start time (UTC):	00:25:16
Start date (UTC):	07/01/2025
Path:	/usr/bin/xbrlapi
Arguments:	xbrlapi -q
File size:	166384 bytes
MD5 hash:	0cfe25df39d38af32d6265ed947ca5b9

Analysis Process: gdm3 PID: 6161, Parent PID: 6103

General

Start time (UTC):	00:24:12
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Analysis Process: Default PID: 6161, Parent PID: 6103

General

Start time (UTC):	00:24:12
Start date (UTC):	07/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gdm3 PID: 6162, Parent PID: 6103

General

Start time (UTC):	00:24:12
Start date (UTC):	07/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Analysis Process: Default PID: 6162, Parent PID: 6103

General

Start time (UTC):	00:24:12
Start date (UTC):	07/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: systemd PID: 6107, Parent PID: 1

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: accounts-daemon PID: 6107, Parent PID: 1

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/lib/accountsservice/accounts-daemon
Arguments:	/usr/lib/accountsservice/accounts-daemon
File size:	203192 bytes
MD5 hash:	01a899e3fb5e7e434bea1290255a1f30

Analysis Process: accounts-daemon PID: 6111, Parent PID: 6107

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/lib/accountsservice/accounts-daemon
Arguments:	-
File size:	203192 bytes
MD5 hash:	01a899e3fb5e7e434bea1290255a1f30

Analysis Process: language-validate PID: 6111, Parent PID: 6107

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/share/language-tools/language-validate
Arguments:	/usr/share/language-tools/language-validate en_US.UTF-8
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: language-validate PID: 6112, Parent PID: 6111

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/share/language-tools/language-validate
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: language-options PID: 6112, Parent PID: 6111

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/share/language-tools/language-options
Arguments:	/usr/share/language-tools/language-options
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Analysis Process: language-options PID: 6113, Parent PID: 6112

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/share/language-tools/language-options
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Analysis Process: sh PID: 6113, Parent PID: 6112

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	sh -c "locale -a \| grep -F .utf8 "
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 6114, Parent PID: 6113

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: locale PID: 6114, Parent PID: 6113

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/bin/locale
Arguments:	locale -a
File size:	58944 bytes
MD5 hash:	c72a78792469db86d91369c9057f20d2

Analysis Process: sh PID: 6115, Parent PID: 6113

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: grep PID: 6115, Parent PID: 6113

General

Start time (UTC):	00:24:03
Start date (UTC):	07/01/2025
Path:	/usr/bin/grep
Arguments:	grep -F .utf8
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Analysis Process: systemd PID: 6118, Parent PID: 1

General

Start time (UTC):	00:24:04
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: polkitd PID: 6118, Parent PID: 1

General

Start time (UTC):	00:24:04
Start date (UTC):	07/01/2025
Path:	/usr/lib/policykit-1/polkitd
Arguments:	/usr/lib/policykit-1/polkitd --no-debug
File size:	121504 bytes
MD5 hash:	8efc9b4b5b524210ad2ea1954a9d0e69

Analysis Process: systemd PID: 6128, Parent PID: 1431

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: dbus-daemon PID: 6128, Parent PID: 1431

General

Start time (UTC):	00:24:07
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Analysis Process: systemd PID: 6263, Parent PID: 1

General

Start time (UTC):	00:24:41
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: systemd-localed PID: 6263, Parent PID: 1

General

Start time (UTC):	00:24:41
Start date (UTC):	07/01/2025
Path:	/lib/systemd/systemd-localed
Arguments:	/lib/systemd/systemd-localed
File size:	43232 bytes
MD5 hash:	1244af9646256d49594f2a8203329aa9

Analysis Process: systemd PID: 6411, Parent PID: 1

General

Start time (UTC):	00:24:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: upowerd PID: 6411, Parent PID: 1

General

Start time (UTC):	00:24:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/upower/upowerd
Arguments:	/usr/lib/upower/upowerd
File size:	260328 bytes
MD5 hash:	1253eea2fe5fe4017069664284e326cd

Analysis Process: systemd PID: 6451, Parent PID: 1431

General

Start time (UTC):	00:24:43
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: pulseaudio PID: 6451, Parent PID: 1431

General

Start time (UTC):	00:24:43
Start date (UTC):	07/01/2025
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Analysis Process: systemd PID: 6456, Parent PID: 1

General

Start time (UTC):	00:24:44
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: geoclue PID: 6456, Parent PID: 1

General

Start time (UTC):	00:24:44
Start date (UTC):	07/01/2025
Path:	/usr/libexec/geoclue
Arguments:	/usr/libexec/geoclue
File size:	301544 bytes
MD5 hash:	30ac5455f3c598dde91dc87477fb19f7

Analysis Process: systemd PID: 6564, Parent PID: 1

General

Start time (UTC):	00:24:44
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: rtkit-daemon PID: 6564, Parent PID: 1

General

Start time (UTC):	00:24:44
Start date (UTC):	07/01/2025
Path:	/usr/libexec/rtkit-daemon
Arguments:	/usr/libexec/rtkit-daemon
File size:	68096 bytes
MD5 hash:	df0cacf1db4ec95ac70f5b6e06b8ffd7

Analysis Process: systemd PID: 6575, Parent PID: 1

General

Start time (UTC):	00:24:46
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: wpa_supplicant PID: 6575, Parent PID: 1

General

Start time (UTC):	00:24:46
Start date (UTC):	07/01/2025
Path:	/sbin/wpa_supplicant
Arguments:	/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
File size:	2893136 bytes
MD5 hash:	2a5acf2a7a908a1388a09991ed7881e1

Analysis Process: systemd PID: 6576, Parent PID: 1

General

Start time (UTC):	00:24:46
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: avahi-daemon PID: 6576, Parent PID: 1

General

Start time (UTC):	00:24:46
Start date (UTC):	07/01/2025
Path:	/usr/sbin/avahi-daemon
Arguments:	/usr/sbin/avahi-daemon -s
File size:	141832 bytes
MD5 hash:	0125e88392fec809934928f8638511ff

Analysis Process: avahi-daemon PID: 6581, Parent PID: 6576

General

Start time (UTC):	00:24:47
Start date (UTC):	07/01/2025
Path:	/usr/sbin/avahi-daemon
Arguments:	-
File size:	141832 bytes
MD5 hash:	0125e88392fec809934928f8638511ff

Analysis Process: systemd PID: 6577, Parent PID: 1

General

Start time (UTC):	00:24:46
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: packagekitd PID: 6577, Parent PID: 1

General

Start time (UTC):	00:24:46
Start date (UTC):	07/01/2025
Path:	/usr/lib/packagekit/packagekitd
Arguments:	/usr/lib/packagekit/packagekitd
File size:	289288 bytes
MD5 hash:	46b0c31f013b71a0eb63b1c040f11c86

Analysis Process: packagekitd PID: 6603, Parent PID: 6577

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/lib/packagekit/packagekitd
Arguments:	-
File size:	289288 bytes
MD5 hash:	46b0c31f013b71a0eb63b1c040f11c86

Analysis Process: dpkg PID: 6603, Parent PID: 6577

General

Start time (UTC):	00:24:52
Start date (UTC):	07/01/2025
Path:	/usr/bin/dpkg
Arguments:	/usr/bin/dpkg --print-foreign-architectures
File size:	309944 bytes
MD5 hash:	5e18156b434fc45062eec2f28b9147be

Analysis Process: systemd PID: 6639, Parent PID: 1

General

Start time (UTC):	00:24:58
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: systemd-hostnamed PID: 6639, Parent PID: 1

General

Start time (UTC):	00:24:58
Start date (UTC):	07/01/2025
Path:	/lib/systemd/systemd-hostnamed
Arguments:	/lib/systemd/systemd-hostnamed
File size:	35040 bytes
MD5 hash:	2cc8a5576629a2d5bd98e49a4b8bef65

Analysis Process: systemd PID: 6810, Parent PID: 1

General

Start time (UTC):	00:25:05
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: colord PID: 6810, Parent PID: 1

General

Start time (UTC):	00:25:05
Start date (UTC):	07/01/2025
Path:	/usr/libexec/colord
Arguments:	/usr/libexec/colord
File size:	346632 bytes
MD5 hash:	70861d1b2818c9279cd4a5c9035dac1f

Analysis Process: colord PID: 6999, Parent PID: 6810

General

Start time (UTC):	00:25:15
Start date (UTC):	07/01/2025
Path:	/usr/libexec/colord
Arguments:	-
File size:	346632 bytes
MD5 hash:	70861d1b2818c9279cd4a5c9035dac1f

Analysis Process: colord-sane PID: 6999, Parent PID: 6810

General

Start time (UTC):	00:25:15
Start date (UTC):	07/01/2025
Path:	/usr/libexec/colord-sane
Arguments:	/usr/libexec/colord-sane
File size:	18736 bytes
MD5 hash:	5f98d754a07bf1385c3ff001cde3882e

Analysis Process: systemd PID: 6822, Parent PID: 1

General

Start time (UTC):	00:25:06
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: fprintd PID: 6822, Parent PID: 1

General

Start time (UTC):	00:25:06
Start date (UTC):	07/01/2025
Path:	/usr/libexec/fprintd
Arguments:	/usr/libexec/fprintd
File size:	125312 bytes
MD5 hash:	b0d8829f05cd028529b84b061b660e84

Analysis Process: systemd PID: 6954, Parent PID: 1

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: ModemManager PID: 6954, Parent PID: 1

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/sbin/ModemManager
Arguments:	/usr/sbin/ModemManager --filter-policy=strict
File size:	1588448 bytes
MD5 hash:	24379bf705a8ff3b2379314585843d4f

Analysis Process: systemd PID: 6989, Parent PID: 3044

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: dbus-daemon PID: 6989, Parent PID: 3044

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Analysis Process: systemd PID: 6990, Parent PID: 3044

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: pulseaudio PID: 6990, Parent PID: 3044

General

Start time (UTC):	00:25:13
Start date (UTC):	07/01/2025
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report wrjkngh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

/proc/6136/oom_score_adj

/proc/6139/oom_score_adj

/proc/6141/oom_score_adj

/proc/6143/oom_score_adj

/proc/6145/oom_score_adj

/proc/6147/oom_score_adj

/proc/6152/oom_score_adj

/proc/6198/oom_score_adj

/proc/6225/oom_score_adj

/proc/6228/oom_score_adj

/proc/6230/oom_score_adj

/proc/6232/oom_score_adj

/proc/6234/oom_score_adj

/proc/6236/oom_score_adj

/proc/6239/oom_score_adj

/proc/6404/oom_score_adj

/proc/6567/oom_score_adj

/proc/6580/oom_score_adj

/proc/6774/oom_score_adj

/run/avahi-daemon/pid

/run/gdm3.pid

/run/systemd/inhibit/.#1QmNHhV

/run/systemd/inhibit/.#2D8962X

/run/systemd/inhibit/.#3j9WrNV

/run/systemd/inhibit/.#4xiH8fU

/run/systemd/inhibit/.#5hQgS0U

/run/systemd/journal/streams/.#9:65402uG00FF

/run/systemd/journal/streams/.#9:65403GqpgOG

/run/systemd/journal/streams/.#9:65404Wg979H

Linux Analysis Report
wrjkngh4.elf