Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Linux Analysis Report
morte.sh4.elf

Overview

General Information

Sample name:morte.sh4.elf
Analysis ID:1646185
MD5:42b2d15d32b87dfbab5daf1b76d7ce76
SHA1:7c3d3dd043b5ff31aebec14b14be9c498b6679d1
SHA256:131f936760e0d6bd8a91765fdf63bc55a668f77e05e86ba29e14ae265118c037
Tags:elfuser-abuse_ch
Infos:

Detection

Gafgyt, Okiru
Score:84
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Yara detected Gafgyt
Yara detected Okiru
Reads system files that contain records of logged in users
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Found strings indicative of a multi-platform dropper
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads system version information
Reads the 'hosts' file potentially containing internal network hosts
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1646185
Start date and time:2025-03-23 15:27:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 23s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:morte.sh4.elf
Detection:MAL
Classification:mal84.spre.troj.linELF@0/47@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Runtime Messages

Command:/tmp/morte.sh4.elf
PID:6239
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 6254, Parent: 1)
  • journalctl (PID: 6254, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6275, Parent: 1)
  • dbus-daemon (PID: 6275, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6289, Parent: 1)
  • rsyslogd (PID: 6289, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6290, Parent: 1860)
  • pulseaudio (PID: 6290, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • fusermount (PID: 6291, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6296, Parent: 1)
  • systemd-journald (PID: 6296, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6298, Parent: 1)
  • dbus-daemon (PID: 6298, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6301, Parent: 1)
  • rsyslogd (PID: 6301, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6310, Parent: 1)
  • systemd-logind (PID: 6310, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 6370, Parent: 1320)
  • Default (PID: 6370, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6371, Parent: 1320)
  • Default (PID: 6371, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6372, Parent: 1320)
  • Default (PID: 6372, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6375, Parent: 1)
  • agetty (PID: 6375, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6376, Parent: 1)
  • gpu-manager (PID: 6376, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6377, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6378, Parent: 6377)
      • grep (PID: 6378, Parent: 6377, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6379, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6380, Parent: 6379)
      • grep (PID: 6380, Parent: 6379, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6381, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6382, Parent: 6381)
      • grep (PID: 6382, Parent: 6381, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6383, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6384, Parent: 6383)
      • grep (PID: 6384, Parent: 6383, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6385, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6386, Parent: 6385)
      • grep (PID: 6386, Parent: 6385, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6387, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6388, Parent: 6387)
      • grep (PID: 6388, Parent: 6387, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6389, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6390, Parent: 6389)
      • grep (PID: 6390, Parent: 6389, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6392, Parent: 6376, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6393, Parent: 6392)
      • grep (PID: 6393, Parent: 6392, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6394, Parent: 1)
  • journalctl (PID: 6394, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6399, Parent: 1)
  • generate-config (PID: 6399, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6400, Parent: 6399, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6401, Parent: 1)
  • gdm-wait-for-drm (PID: 6401, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6406, Parent: 1)
  • gdm3 (PID: 6406, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6409, Parent: 6406)
    • plymouth (PID: 6409, Parent: 6406, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6425, Parent: 6406)
    • gdm-session-worker (PID: 6425, Parent: 6406, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6429, Parent: 6425, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6431, Parent: 6429, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6433, Parent: 6431)
            • false (PID: 6434, Parent: 6433, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6435, Parent: 6429, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6438, Parent: 6435, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6439, Parent: 6406)
    • Default (PID: 6439, Parent: 6406, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6440, Parent: 6406)
    • Default (PID: 6440, Parent: 6406, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6410, Parent: 1)
  • accounts-daemon (PID: 6410, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6416, Parent: 6410, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6417, Parent: 6416, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6418, Parent: 6417, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6419, Parent: 6418)
          • locale (PID: 6419, Parent: 6418, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6420, Parent: 6418)
          • grep (PID: 6420, Parent: 6418, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6421, Parent: 1)
  • polkitd (PID: 6421, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6464, Parent: 1860)
  • dbus-daemon (PID: 6464, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6467, Parent: 1860)
  • pulseaudio (PID: 6467, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6468, Parent: 1)
  • rtkit-daemon (PID: 6468, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Bashlite, GafgytBashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
morte.sh4.elfJoeSecurity_GafgytYara detected GafgytJoe Security
    morte.sh4.elfJoeSecurity_OkiruYara detected OkiruJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      6248.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmpJoeSecurity_GafgytYara detected GafgytJoe Security
        6248.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
          6241.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmpJoeSecurity_GafgytYara detected GafgytJoe Security
            6241.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
              6247.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmpJoeSecurity_GafgytYara detected GafgytJoe Security
                Click to see the 7 entries

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                • AV Detection
                • Bitcoin Miner
                • Spreading
                • Networking
                • System Summary
                • Persistence and Installation Behavior
                • Malware Analysis System Evasion
                • Language, Device and Operating System Detection
                • Stealing of Sensitive Information
                • Remote Access Functionality

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Source: morte.sh4.elfVirustotal: Detection: 45%Perma Link
                Source: morte.sh4.elfReversingLabs: Detection: 36%
                Source: /usr/bin/pkill (PID: 6400)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
                Source: /usr/bin/pulseaudio (PID: 6467)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
                Source: morte.sh4.elfString: lbyte/proc/%d/net/tcp %*d: %*x:%x/proc//proc/%s/exe/proc/self/exe/proc/proc/%d/cmdlinenetstatwgettftpftpcurlbusybox/bin/busyboxvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-serverusr/shellmnt/sys/bin/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/soraJoshohajime902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0GbA1onry0v03FortniteDownLOLZY0urM0mGaypussyfartlmaojkGrAcEnIgGeRaNnYvdGkqndCOqGeoRBe6BEGuiltyCrownZEuS69s4beBsEQhdHOHO-KSNDOZEuz69sat1234aj93hJ23scanHAalie293z0k2LscanJoshoARMHellInSideayyyGangShitscanJoshoARM5HighFryb1glscanJoshoARM6IWhPyucDbJboatnetzscanJoshoARM7IuYgujeIqnbtbatrtahzexsexscanJoshoM68KJJDUHEWBBBIBscanJoshoMIPSJSDGIEVIVAVIGcKbVkzGOPascanJoshoMPSLccADscanJoshoPPCKAZEN-OIU97chickenxingsscanJoshoSH4yakuskzm8KAZEN-PO78HcleanerscanJoshoSPCKAZEN-U79OLdbeefscanJoshoX86yakuz4c24KETASHI32ddrwelperscanarm5zPnr6HpQj2Kaishi-Iz90Ydeexecscanarm6zdrtfxcgyKatrina32doCP3fVjscanarm7zxcfhuioKsif91je39scanm68kKuasadvrhelperl33t_feetl33tl33tfeetscanmipsKuasaBinsMateeQnOhRk85rscanmpslLOLHHHOHOHBUIeXK20CL12ZnyamezyQBotBladeSPOOKYhikariwasherep4029x91xx32uhj4gbejhwizardzhra.outboatnetdbgcondiheroshimaskid.dbglzrdPownedSecurity69.aresfxlyazsxhyUNSTABLEunstable_is_the_story_of_the_universemoobotjnsd9sdoilayourmomgaeissdfjiougsiojOasisSEGRJIJHFVNHSNHEIHFOSapep999KOWAI-BAdAsVKOWAI-SADjHKipU7Ylairdropmalwareyour_verry_fucking_gayBig-Bro-Brightsefaexecshirololieagle.For-Gai-Mezy0x6axNLcloqkisvspookymythSwergjmioGKILLEJW(IU(JIWERGFJGJWJRGHetrhwewrtheIuFdKssCxzjSDFJIjioOnrYoXd666ewrtkjokethajbdf89wu823AAaasrdgsWsGA4@F6FGhostWuzHere666BOGOMIPSbeastmodedvrHelperbestmodesfc6aJfIuYDemon.xeno-is-godICY-P-0ODIJgSHUIHIfhwrgLhu87VhvQPzlunadakuexecbinTacoBellGodYololigangExecutionorbitclientAmne
                Source: global trafficTCP traffic: 192.168.2.23:46292 -> 176.65.142.252:7575
                Source: global trafficHTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
                Source: /usr/sbin/rsyslogd (PID: 6301)Reads hosts file: /etc/hostsJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6241)Socket: 127.0.0.1:65407Jump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)Socket: unknown address familyJump to behavior
                Source: /usr/sbin/gdm3 (PID: 6406)Socket: unknown address familyJump to behavior
                Source: /usr/bin/dbus-daemon (PID: 6431)Socket: unknown address familyJump to behavior
                Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
                Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
                Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
                Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
                Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
                Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
                Source: unknownTCP traffic detected without corresponding DNS query: 176.65.142.252
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
                Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
                Source: unknownHTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
                Source: syslog.35.drString found in binary or memory: https://www.rsyslog.com
                Source: unknownNetwork traffic detected: HTTP traffic on port 53070 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53070
                Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

                System Summary

                barindex
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 1 (init), result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 491, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 658, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 720, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 721, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 759, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 761, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 772, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 774, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 777, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 785, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 793, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 797, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 936, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 2, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 3, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 4, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 6, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 9, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 10, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 11, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 12, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 13, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 14, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 15, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 16, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 17, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 18, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 20, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 21, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 22, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 23, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 24, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 25, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 26, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 27, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 28, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 29, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 30, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 35, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 77, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 78, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 79, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 80, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 81, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 82, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 83, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 84, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 85, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 88, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 89, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 91, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 92, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 93, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 94, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 95, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 96, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 97, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 98, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 99, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 100, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 101, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 102, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 103, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 104, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 105, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 106, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 107, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 108, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 109, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 110, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 111, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 112, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 113, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 114, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 115, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 116, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 117, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 118, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 119, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 120, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 121, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 122, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 123, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 124, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 125, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 126, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 127, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 128, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 130, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 132, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 141, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 144, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 157, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 201, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 202, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 203, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 204, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 205, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 206, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 207, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 208, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 209, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 210, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 211, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 212, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 213, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 214, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 215, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 216, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 217, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 218, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 219, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 220, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 221, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 222, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 223, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 224, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 225, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 226, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 227, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 228, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 229, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 230, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 231, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 232, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 233, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 234, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 235, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 236, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 237, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 243, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 248, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 249, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 250, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 251, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 252, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 253, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 254, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 255, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 256, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 257, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 258, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 259, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 260, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 261, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 262, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 263, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 264, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 265, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 266, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 267, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 269, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 270, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 272, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 274, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 278, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 281, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 286, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 322, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 324, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 326, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 327, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 328, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 333, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 346, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 379, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 419, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 420, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 517, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 654, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 655, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 656, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 657, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 667, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 670, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 674, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 675, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 676, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 677, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 896, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent to PID below 1000: pid: 910, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1 (init), result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 491, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 658, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 720, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 721, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 759, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 761, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 772, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 774, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 777, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 785, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 793, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 797, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 936, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1320, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1334, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1335, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1344, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1389, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1476, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1601, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1809, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1860, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1872, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1886, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1983, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2038, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2048, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4509, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6074, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6222, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6223, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6254, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6275, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6288, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6289, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6290, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 3, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 9, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 10, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 11, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 12, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 13, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 14, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 15, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 16, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 17, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 18, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 20, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 21, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 22, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 23, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 24, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 25, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 26, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 27, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 28, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 29, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 30, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 35, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 77, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 78, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 79, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 80, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 81, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 82, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 83, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 84, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 85, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 88, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 89, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 91, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 92, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 93, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 94, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 95, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 96, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 97, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 98, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 99, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 100, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 101, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 102, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 103, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 104, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 105, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 106, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 107, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 108, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 109, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 110, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 111, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 112, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 113, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 114, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 115, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 116, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 117, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 118, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 119, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 120, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 121, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 122, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 123, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 124, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 125, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 126, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 127, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 128, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 130, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 132, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 141, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 144, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 157, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 201, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 202, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 203, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 204, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 205, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 206, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 207, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 208, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 209, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 210, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 211, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 212, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 213, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 214, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 215, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 216, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 217, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 218, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 219, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 220, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 221, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 222, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 223, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 224, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 225, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 226, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 227, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 228, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 229, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 230, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 231, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 232, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 233, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 234, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 235, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 236, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 237, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 243, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 248, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 249, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 250, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 251, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 252, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 253, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 254, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 255, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 256, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 257, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 258, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 259, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 260, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 261, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 262, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 263, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 264, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 265, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 266, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 267, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 269, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 270, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 272, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 274, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 278, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 281, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 286, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 322, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 324, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 326, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 327, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 328, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 333, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 346, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 379, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 419, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 420, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 517, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 654, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 655, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 656, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 657, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 667, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 670, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 674, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 675, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 676, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 677, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 896, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 910, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1207, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2009, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2014, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2018, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2033, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2128, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2180, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2208, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2281, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2285, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2289, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2294, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2302, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2307, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2746, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2749, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2761, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2882, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 3021, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 3088, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4442, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4443, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4444, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4445, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4476, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4481, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4487, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6085, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6187, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6195, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6241, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6247, result: unknownJump to behavior
                Source: Initial sampleString containing 'busybox' found: busybox
                Source: Initial sampleString containing 'busybox' found: /bin/busybox
                Source: Initial sampleString containing 'busybox' found: busyboxxx
                Source: Initial sampleString containing 'busybox' found: busyboxx
                Source: Initial sampleString containing 'busybox' found: lbyte/proc/%d/net/tcp %*d: %*x:%x/proc//proc/%s/exe/proc/self/exe/proc/proc/%d/cmdlinenetstatwgettftpftpcurlbusybox/bin/busyboxvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-serverusr/shellmnt/sys/bin/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/soraJoshohajime902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919
                Source: ELF static info symbol of initial sample.symtab present: no
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1 (init), result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 491, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 658, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 720, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 721, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 759, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 761, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 772, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 774, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 777, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 785, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 793, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 797, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 936, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1320, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1334, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1335, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1344, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1389, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1476, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1601, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1809, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1860, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1872, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1886, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1983, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2038, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2048, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4509, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6074, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6222, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6223, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6254, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6275, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6288, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6289, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6290, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 3, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 9, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 10, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 11, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 12, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 13, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 14, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 15, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 16, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 17, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 18, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 20, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 21, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 22, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 23, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 24, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 25, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 26, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 27, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 28, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 29, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 30, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 35, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 77, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 78, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 79, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 80, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 81, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 82, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 83, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 84, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 85, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 88, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 89, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 91, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 92, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 93, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 94, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 95, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 96, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 97, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 98, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 99, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 100, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 101, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 102, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 103, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 104, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 105, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 106, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 107, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 108, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 109, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 110, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 111, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 112, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 113, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 114, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 115, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 116, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 117, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 118, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 119, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 120, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 121, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 122, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 123, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 124, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 125, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 126, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 127, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 128, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 130, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 132, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 141, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 144, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 157, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 201, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 202, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 203, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 204, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 205, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 206, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 207, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 208, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 209, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 210, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 211, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 212, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 213, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 214, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 215, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 216, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 217, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 218, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 219, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 220, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 221, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 222, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 223, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 224, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 225, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 226, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 227, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 228, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 229, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 230, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 231, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 232, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 233, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 234, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 235, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 236, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 237, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 243, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 248, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 249, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 250, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 251, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 252, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 253, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 254, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 255, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 256, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 257, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 258, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 259, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 260, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 261, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 262, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 263, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 264, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 265, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 266, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 267, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 269, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 270, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 272, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 274, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 278, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 281, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 286, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 322, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 324, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 326, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 327, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 328, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 333, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 346, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 379, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 419, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 420, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 517, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 654, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 655, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 656, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 657, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 667, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 670, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 674, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 675, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 676, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 677, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 896, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 910, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 1207, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2009, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2014, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2018, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2033, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2128, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2180, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2208, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2281, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2285, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2289, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2294, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2302, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2307, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2746, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2749, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2761, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 2882, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 3021, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 3088, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4442, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4443, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4444, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4445, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4476, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4481, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 4487, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6085, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6187, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6195, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6241, result: successfulJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6247)SIGKILL sent: pid: 6247, result: unknownJump to behavior
                Source: classification engineClassification label: mal84.spre.troj.linELF@0/47@3/0

                Persistence and Installation Behavior

                barindex
                Source: /usr/bin/dbus-daemon (PID: 6275)File: /proc/6275/mountsJump to behavior
                Source: /bin/fusermount (PID: 6291)File: /proc/6291/mountsJump to behavior
                Source: /usr/bin/dbus-daemon (PID: 6298)File: /proc/6298/mountsJump to behavior
                Source: /usr/bin/dbus-daemon (PID: 6431)File: /proc/6431/mountsJump to behavior
                Source: /usr/bin/dbus-daemon (PID: 6464)File: /proc/6464/mountsJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76531GFWutiJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76610sDBuSgJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76620I5GD6gJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76621rjD9ciJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76622JO1t7fJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76624eNVj4gJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76625Tl3DHgJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76632fZ7LGiJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76633K89hHfJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76647EfPwifJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76648XfDYAfJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76649AUzQXfJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76650LveVTfJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76687OS5GhiJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:766991C4kBgJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76791zGQ3PhJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76918QjljrhJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76965fvg5EfJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:76967Yn15fiJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:770038a79xgJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:770091D6kAiJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:77904KLEqjgJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:779460YxjtfJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File: /run/systemd/journal/streams/.#9:78056JoETziJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)Directory: <invalid fd (18)>/..Jump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)Directory: <invalid fd (17)>/..Jump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/seats/.#seat05OYkglJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/users/.#127hbZwcmJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/users/.#127TzGpgjJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/seats/.#seat0KhdCRmJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/users/.#127CKbOEiJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/users/.#127lR5bxmJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/users/.#127K84VbjJump to behavior
                Source: /lib/systemd/systemd-logind (PID: 6310)File: /run/systemd/users/.#127OBxvTkJump to behavior
                Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6429)Directory: /var/lib/gdm3/.cacheJump to behavior
                Source: /usr/lib/accountsservice/accounts-daemon (PID: 6410)Directory: /var/lib/gdm3/.pam_environmentJump to behavior
                Source: /usr/lib/accountsservice/accounts-daemon (PID: 6410)Directory: /root/.cacheJump to behavior
                Source: /usr/lib/policykit-1/polkitd (PID: 6421)Directory: /root/.cacheJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6296/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6296/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6296/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6296/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6296/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6296/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6298/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6410/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6310/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6431/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2078/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2033/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2077/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2097/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2074/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/6391/cgroupJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/commJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/cmdlineJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/statusJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/attr/currentJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/sessionidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/loginuidJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)File opened: /proc/2050/cgroupJump to behavior
                Source: /usr/bin/gpu-manager (PID: 6377)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6379)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6381)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6383)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6385)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6387)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6389)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6392)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
                Source: /usr/share/language-tools/language-options (PID: 6418)Shell command executed: sh -c "locale -a | grep -F .utf8 "Jump to behavior
                Source: /bin/sh (PID: 6378)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
                Source: /bin/sh (PID: 6380)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
                Source: /bin/sh (PID: 6382)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
                Source: /bin/sh (PID: 6384)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
                Source: /bin/sh (PID: 6386)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
                Source: /bin/sh (PID: 6388)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
                Source: /bin/sh (PID: 6390)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
                Source: /bin/sh (PID: 6393)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
                Source: /bin/sh (PID: 6420)Grep executable: /usr/bin/grep -> grep -F .utf8Jump to behavior
                Source: /usr/share/gdm/generate-config (PID: 6400)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-serviceJump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)Reads from proc file: /proc/meminfoJump to behavior
                Source: /sbin/agetty (PID: 6375)Reads version info: /etc/issueJump to behavior
                Source: /usr/sbin/gdm3 (PID: 6406)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
                Source: /usr/sbin/gdm3 (PID: 6406)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
                Source: /usr/lib/accountsservice/accounts-daemon (PID: 6410)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)Jump to behavior
                Source: /usr/lib/accountsservice/accounts-daemon (PID: 6410)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)Jump to behavior
                Source: /usr/sbin/rsyslogd (PID: 6301)Log file created: /var/log/kern.logJump to dropped file
                Source: /usr/sbin/rsyslogd (PID: 6301)Log file created: /var/log/auth.logJump to dropped file
                Source: /usr/bin/gpu-manager (PID: 6376)Log file created: /var/log/gpu-manager.logJump to dropped file
                Source: /usr/bin/gpu-manager (PID: 6376)Truncated file: /var/log/gpu-manager.logJump to behavior
                Source: /usr/bin/pkill (PID: 6400)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
                Source: /usr/bin/pulseaudio (PID: 6467)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
                Source: /tmp/morte.sh4.elf (PID: 6239)Queries kernel information via 'uname': Jump to behavior
                Source: /usr/sbin/rsyslogd (PID: 6289)Queries kernel information via 'uname': Jump to behavior
                Source: /lib/systemd/systemd-journald (PID: 6296)Queries kernel information via 'uname': Jump to behavior
                Source: /usr/sbin/rsyslogd (PID: 6301)Queries kernel information via 'uname': Jump to behavior
                Source: /sbin/agetty (PID: 6375)Queries kernel information via 'uname': Jump to behavior
                Source: /usr/bin/gpu-manager (PID: 6376)Queries kernel information via 'uname': Jump to behavior
                Source: /usr/lib/gdm3/gdm-session-worker (PID: 6425)Queries kernel information via 'uname': Jump to behavior
                Source: /usr/bin/pulseaudio (PID: 6467)Queries kernel information via 'uname': Jump to behavior
                Source: morte.sh4.elf, 6239.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmp, morte.sh4.elf, 6241.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmp, morte.sh4.elf, 6247.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmp, morte.sh4.elf, 6248.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sh4
                Source: morte.sh4.elf, 6239.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmp, morte.sh4.elf, 6241.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmp, morte.sh4.elf, 6247.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmp, morte.sh4.elf, 6248.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-sh4/tmp/morte.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/morte.sh4.elf
                Source: morte.sh4.elf, 6239.1.000055c88c8ec000.000055c88c94f000.rw-.sdmp, morte.sh4.elf, 6241.1.000055c88c8ec000.000055c88c94f000.rw-.sdmp, morte.sh4.elf, 6247.1.000055c88c8ec000.000055c88c94f000.rw-.sdmp, morte.sh4.elf, 6248.1.000055c88c8ec000.000055c88c94f000.rw-.sdmpBinary or memory string: U5!/etc/qemu-binfmt/sh4
                Source: morte.sh4.elf, 6247.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmpBinary or memory string: U/tmp/qemu-open.kjxufA
                Source: morte.sh4.elf, 6239.1.000055c88c8ec000.000055c88c94f000.rw-.sdmp, morte.sh4.elf, 6241.1.000055c88c8ec000.000055c88c94f000.rw-.sdmp, morte.sh4.elf, 6247.1.000055c88c8ec000.000055c88c94f000.rw-.sdmp, morte.sh4.elf, 6248.1.000055c88c8ec000.000055c88c94f000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sh4
                Source: morte.sh4.elf, 6247.1.00007ffea3bfd000.00007ffea3c1e000.rw-.sdmpBinary or memory string: /tmp/qemu-open.kjxufA

                Language, Device and Operating System Detection

                barindex
                Source: /usr/lib/accountsservice/accounts-daemon (PID: 6410)Logged in records file read: /var/log/wtmpJump to behavior

                Stealing of Sensitive Information

                barindex
                Source: Yara matchFile source: morte.sh4.elf, type: SAMPLE
                Source: Yara matchFile source: 6248.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6241.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6247.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6239.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: morte.sh4.elf, type: SAMPLE
                Source: Yara matchFile source: 6248.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6241.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6247.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6239.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6239, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6241, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6247, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6248, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Source: Yara matchFile source: morte.sh4.elf, type: SAMPLE
                Source: Yara matchFile source: 6248.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6241.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6247.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6239.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: morte.sh4.elf, type: SAMPLE
                Source: Yara matchFile source: 6248.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6241.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6247.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: 6239.1.00007fb8f8400000.00007fb8f841a000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6239, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6241, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6247, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: morte.sh4.elf PID: 6248, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information2
                Scripting                		Valid AccountsWindows Management Instrumentation2
                Scripting                		Path Interception1
                File and Directory Permissions Modification                		1
                OS Credential Dumping                		11
                Security Software Discovery                		Remote ServicesData from Local System1
                Encrypted Channel                		Exfiltration Over Other Network Medium2
                Service Stop
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                Disable or Modify Tools                		LSASS Memory1
                System Owner/User Discovery                		Remote Desktop ProtocolData from Removable Media1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                Hidden Files and Directories                		Security Account Manager11
                File and Directory Discovery                		SMB/Windows Admin SharesData from Network Shared Drive2
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                Indicator Removal                		NTDS3
                System Information Discovery                		Distributed Component Object ModelInput Capture3
                Application Layer Protocol                		Traffic DuplicationData Destruction

                Malware Configuration

                No configs have been found

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Number of created Files
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1646185 Sample: morte.sh4.elf Startdate: 23/03/2025 Architecture: LINUX Score: 84 77 176.65.142.252, 46292, 7575 WEBTRAFFICDE Germany 2->77 79 109.202.202.202, 80 INIT7CH Switzerland 2->79 81 4 other IPs or domains 2->81 87 Multi AV Scanner detection for submitted file 2->87 89 Yara detected Okiru 2->89 91 Yara detected Gafgyt 2->91 11 systemd gdm3 2->11         started        13 systemd gpu-manager 2->13         started        15 morte.sh4.elf 2->15         started        17 21 other processes 2->17 signatures3 process4 file5 21 gdm3 gdm-session-worker 11->21         started        35 3 other processes 11->35 23 gpu-manager sh 13->23         started        25 gpu-manager sh 13->25         started        27 gpu-manager sh 13->27         started        37 5 other processes 13->37 29 morte.sh4.elf 15->29         started        75 /var/log/wtmp, data 17->75 dropped 83 Sample reads /proc/mounts (often used for finding a writable filesystem) 17->83 85 Reads system files that contain records of logged in users 17->85 31 accounts-daemon language-validate 17->31         started        33 generate-config pkill 17->33         started        signatures6 process7 process8 39 gdm-session-worker gdm-wayland-session 21->39         started        41 sh grep 23->41         started        43 sh grep 25->43         started        45 sh grep 27->45         started        47 morte.sh4.elf 29->47         started        50 morte.sh4.elf 29->50         started        52 language-validate language-options 31->52         started        54 sh grep 37->54         started        56 4 other processes 37->56 signatures9 58 gdm-wayland-session dbus-daemon 39->58         started        61 gdm-wayland-session dbus-run-session 39->61         started        95 Sample tries to kill a massive number of system processes 47->95 97 Sample tries to kill multiple processes (SIGKILL) 47->97 63 language-options sh 52->63         started        process10 signatures11 93 Sample reads /proc/mounts (often used for finding a writable filesystem) 58->93 65 dbus-daemon 58->65         started        67 dbus-run-session dbus-daemon 61->67         started        69 sh locale 63->69         started        71 sh grep 63->71         started        process12 process13 73 dbus-daemon false 65->73         started       

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                morte.sh4.elf45%VirustotalBrowse
                morte.sh4.elf36%ReversingLabsLinux.Trojan.Mirai

                Dropped Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Download Network PCAP: filteredfull

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                daisy.ubuntu.com
                		162.213.35.24
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9efalse
                    		high
                    NameSourceMaliciousAntivirus DetectionReputation
                    https://www.rsyslog.comsyslog.35.drfalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      162.213.35.25
                      		unknownUnited States
                      		41231CANONICAL-ASGBfalse
                      176.65.142.252
                      		unknownGermany
                      		8649WEBTRAFFICDEfalse
                      109.202.202.202
                      		unknownSwitzerland
                      		13030INIT7CHfalse
                      91.189.91.43
                      		unknownUnited Kingdom
                      		41231CANONICAL-ASGBfalse
                      91.189.91.42
                      		unknownUnited Kingdom
                      		41231CANONICAL-ASGBfalse

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      162.213.35.25morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                        rjfe686.elfGet hashmaliciousUnknownBrowse
                          weje64.elfGet hashmaliciousUnknownBrowse
                            vjwe68k.elfGet hashmaliciousUnknownBrowse
                              eehah4.elfGet hashmaliciousUnknownBrowse
                                drea4.elfGet hashmaliciousUnknownBrowse
                                  rrrdsl.elfGet hashmaliciousUnknownBrowse
                                    Aqua.arm7.elfGet hashmaliciousMiraiBrowse
                                      weje64.elfGet hashmaliciousUnknownBrowse
                                        efefa7.elfGet hashmaliciousMiraiBrowse
                                          176.65.142.252morte.mips.elfGet hashmaliciousGafgyt, OkiruBrowse
                                            morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                              morte.x86.elfGet hashmaliciousOkiruBrowse
                                                morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                  morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                    morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                      morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                        morte.ppc.elfGet hashmaliciousUnknownBrowse
                                                          morte.mpsl.elfGet hashmaliciousUnknownBrowse
                                                            raw_cbot.exeGet hashmaliciousUnknownBrowse
                                                              109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                                                              • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                                                              91.189.91.43morte.arm5.elfGet hashmaliciousOkiruBrowse
                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                    miner.elfGet hashmaliciousUnknownBrowse
                                                                      morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                              Aqua.mips.elfGet hashmaliciousUnknownBrowse
                                                                                na.elfGet hashmaliciousPrometeiBrowse

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  daisy.ubuntu.commorte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 162.213.35.24
                                                                                  morte.arm6.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 162.213.35.24
                                                                                  morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 162.213.35.25
                                                                                  sshd.elfGet hashmaliciousUnknownBrowse
                                                                                  • 162.213.35.25
                                                                                  arm6.elfGet hashmaliciousMiraiBrowse
                                                                                  • 162.213.35.24
                                                                                  .i.elfGet hashmaliciousUnknownBrowse
                                                                                  • 162.213.35.25
                                                                                  drea4.elfGet hashmaliciousUnknownBrowse
                                                                                  • 162.213.35.25
                                                                                  efea6.elfGet hashmaliciousUnknownBrowse
                                                                                  • 162.213.35.25
                                                                                  boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                  • 162.213.35.25
                                                                                  boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                  • 162.213.35.24

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  CANONICAL-ASGBmorte.arm5.elfGet hashmaliciousOkiruBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  miner.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  Aqua.mips.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  WEBTRAFFICDEmorte.mips.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.x86.elfGet hashmaliciousOkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.ppc.elfGet hashmaliciousOkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.mpsl.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.x64.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                  • 176.65.142.252
                                                                                  morte.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                  • 176.65.142.252
                                                                                  file2.bin.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                  • 176.65.142.216
                                                                                  INIT7CHmorte.arm5.elfGet hashmaliciousOkiruBrowse
                                                                                  • 109.202.202.202
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 109.202.202.202
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 109.202.202.202
                                                                                  miner.elfGet hashmaliciousUnknownBrowse
                                                                                  • 109.202.202.202
                                                                                  morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 109.202.202.202
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 109.202.202.202
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 109.202.202.202
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 109.202.202.202
                                                                                  Aqua.mips.elfGet hashmaliciousUnknownBrowse
                                                                                  • 109.202.202.202
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 109.202.202.202
                                                                                  CANONICAL-ASGBmorte.arm5.elfGet hashmaliciousOkiruBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  miner.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  morte.arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42
                                                                                  Aqua.mips.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                                  • 91.189.91.42

                                                                                  JA3 Fingerprints

                                                                                  No context

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  Process:/usr/bin/pulseaudio
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):10
                                                                                  Entropy (8bit):2.9219280948873623
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:5bkPn:pkP
                                                                                  MD5:FF001A15CE15CF062A3704CEA2991B5F
                                                                                  SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                                                                  SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                                                                  SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:auto_null.
                                                                                  Process:/usr/bin/pulseaudio
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):18
                                                                                  Entropy (8bit):3.4613201402110088
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:5bkrIZsXvn:pkckv
                                                                                  MD5:28FE6435F34B3367707BB1C5D5F6B430
                                                                                  SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                                                                  SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                                                                  SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:auto_null.monitor.
                                                                                  Process:/usr/bin/dbus-daemon
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:V:V
                                                                                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                  Malicious:false
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview:0
                                                                                  Process:/usr/sbin/gdm3
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):5
                                                                                  Entropy (8bit):1.9219280948873623
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:z:z
                                                                                  MD5:1E46AAD31C48AA19358BF6ED971A11DE
                                                                                  SHA1:501A2DB1A6604E467EE5B1BF8152355E683CD5F1
                                                                                  SHA-256:CEA58BF40567DAD536BD18577B1A5495187F40280EF42A5439A38B24F5C64643
                                                                                  SHA-512:C7378A2C11F781B5A732F5BAFED6384BB6B1676DF47AF0268E5406F4264F820BA196C3F6ABBB24DBCE4D91B89F6EAE43BBEB17E94E906182CF5F5F3276559BD0
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:6406.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):223
                                                                                  Entropy (8bit):5.535578696166821
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsInVTATEBwpeMqjsv:SbFuFyLVIg1BG+f+MsI5jEeZji4s
                                                                                  MD5:92841FD80876D43F91ADA416781412E7
                                                                                  SHA1:301DD54AAAA9193B963BC9B808489675824F22A4
                                                                                  SHA-256:8E2136CF6A06FAC1C3B6E15E3097F6F9DF42B532B99C48EB6116CC2927FE2686
                                                                                  SHA-512:BB716F31D9F68BAB6E3EA2F63748ACD0261D7C4FFD05C31CA171EB02890B7DB0A72F1E2B9E0683A03178EA057B1B883490BC87A6DCCA9184D15234B17599BE2C
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=f14bc5067fb5476a8f863011f42de4e8.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):207
                                                                                  Entropy (8bit):5.384204921705607
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmsHGXBAd0TQGFrxsjx:SbFuFyLVIg1BG+f+MsHWAqs6rqjosQu
                                                                                  MD5:90F4E888789D6862E7E82BE7747E5D02
                                                                                  SHA1:D93752825DEE04BAEE8FCED1335F874C1EB8C072
                                                                                  SHA-256:92FDFA1FD6A9992DC7C5799E7ACBD38CB3B4786EF7158DD69DBF5277249EBD35
                                                                                  SHA-512:E2A5B31809A6E1CE14C7E0F9B02AC0D3355EE10DB22599D31785D707FB80B5DC54917F09255B5598004112F250FA779EA3FD1534C8990B6CAFD72C08AF613192
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=fbd4c33a55cd4e338d448e6b06b6f14a.IDENTIFIER=dbus-daemon.UNIT=dbus.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):200
                                                                                  Entropy (8bit):5.442702357833203
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVK6g7/+BG+f+M6bLIYJQXqjFmzXvn:qgFqo6g7/+0+f+M2IRIQXvn
                                                                                  MD5:CFA27422E3E5DFCBA33B08698D37E073
                                                                                  SHA1:810FC570874E0A8F32AD0886C14A7154FA6C6E5E
                                                                                  SHA-256:D568A454240BA6AF306630D9B14E46DF42C9FA27E09B040A6D74BF7DB402986C
                                                                                  SHA-512:6A83657C19963A6FBC4656526897A413D8326601FB539D785B776CEC417E9925532EF0F5806EC4EF14A46A77D15E5D171AF01D0368CEBCE5CC4731EFA0E56483
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=0970ccf3531a425987f9506e3e92762d.IDENTIFIER=org.gnome.Shell.desktop.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):200
                                                                                  Entropy (8bit):5.428717875026685
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVI6g7/+BG+f+Mo8VUWgRvpjFmzXvn:qgFqdg7/+0+f+MofQXvn
                                                                                  MD5:3A877B7417983A34809A77C60AA358DE
                                                                                  SHA1:4AFA681F7EEC60720C3FA4498967A964A78E0255
                                                                                  SHA-256:2C82504FADECA948C9EB32F86FF6EF93BB7E272E0EDC7605F6622E5B81FD39FB
                                                                                  SHA-512:BAFEAC766F03C92D723CE14C2713702040E172A63FDC75BA5E6F0D0C9A814E85F98651D082D387F239460E732C7A3960FECA43AA8DF9066B7CC3BF56B66E2834
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b37c801381824b5a87a8d19e95ecd27e.IDENTIFIER=org.gnome.Shell.desktop.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):208
                                                                                  Entropy (8bit):5.418384592344694
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm4qqQ7QcsyDKe2rqje:SbFuFyLVIg1BG+f+M4oo2jdCLKzK
                                                                                  MD5:3344055780DC6670A5EA0B0C31B6FCA8
                                                                                  SHA1:51FB4BC3AEB4E0F6A88E6B7B72A697D28511A298
                                                                                  SHA-256:6E081BF4C4EEF0A2368F04ED07A3EF158F6B7189C4AF47A77013A73F2E215D3C
                                                                                  SHA-512:6A09203D1CE2427E1C47785A10DD1438DFC731042CF33057BB599F767183776110F564C93B1A9083551C8B99F6FD38315DD72564D936495ECB5DEB28895C9066
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=270843d62ebb4859bf541f2369101eb8.IDENTIFIER=whoopsie.UNIT=whoopsie.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):188
                                                                                  Entropy (8bit):5.374671860019451
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm9FuRX6nsvRVYuqjsO:SbFuFyLVIg1BG+f+MsWSV5qjtWL0
                                                                                  MD5:F80AA5011A1A663FFF7DFD4EDD85DBE2
                                                                                  SHA1:74889D070969AAC5D8FE8425F3F7A01F84A76F80
                                                                                  SHA-256:4362540AEC839465BEB30599A2A13778C7F17A34D40FEAAFD5FE2E2A86087E04
                                                                                  SHA-512:69BD16629A291DBF11D21248DED6E760C689DA45EF154D4E729C0F0CDAF09CC75A3C239EEC6EE098B22FA0B4735CB695E7144D2EEA68C6B5352BDA6E94ECE699
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=78b21a9540e24993a6bec690f3f1efc9.IDENTIFIER=pulseaudio.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):207
                                                                                  Entropy (8bit):5.4432181747066855
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmvyu9T5k4GAhVQZjsc:SbFuFyLVIg1BG+f+MaOyLAhyjosQu
                                                                                  MD5:9E22E5CC196CA1B6BCD1AAD8F400B617
                                                                                  SHA1:2C9002CADBA6F5EE4C8D1B9A305FBD5F1E2F7A0C
                                                                                  SHA-256:8E4C1C98C246CF23DE1EE7B283037469073476B0CE49D11A3D2560E8F49AE23D
                                                                                  SHA-512:A2F2BD6873EC868C30CAF48770EAA4E70A6FEB5DE3AAC90536F898ED8EF07A7B2AE0C6E553175A316C0235FC17D347C9DF206CB8E13172F9EA54346D4B97E76A
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e847ff89c52745d6a2c740fa4ce85706.IDENTIFIER=dbus-daemon.UNIT=dbus.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):208
                                                                                  Entropy (8bit):5.346098234461725
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm9hnBTBuhUSoeMxsje:SbFuFyLVIg1BG+f+MTuhUjeMqjdCLKzK
                                                                                  MD5:B6B9DF5910CAF6D85F9355873D5CA9E6
                                                                                  SHA1:70E2DEA09C6C79BDDDC59E7B1E5C821C36AE942F
                                                                                  SHA-256:0AABB136250163FAD8080EF6401553456979D397954CCD8BFD749A813699DD29
                                                                                  SHA-512:1A6927821E2A23D7A0DD93DC008DEE7E4D756F3932522F41ACF7A502C34FC0FDDAC55883815620A5EA53841FAB1C00D1A94871CED9EB2AFECA56A2423B8F590F
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=7c5d93d6db7c49b0b3a6a51740a0acac.IDENTIFIER=whoopsie.UNIT=whoopsie.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):220
                                                                                  Entropy (8bit):5.471568106326144
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVIg1BG+f+MJVS/qA1ZjZcHcljX+:qgFq6g10+f+MCqomAu
                                                                                  MD5:64DD72B75BD35D2A49908C4A95D968A9
                                                                                  SHA1:2FE236FF20BFD3F0E3D492334A686673D27C3BDF
                                                                                  SHA-256:1ED7135AC2E91396AB503F4730162BE8B5CAC9774A69DE0416F7AE0439F0545C
                                                                                  SHA-512:677ABF1C78C07D4CDA82B66765B2C6091DB67FF7F6EDAEB5F92E2BCCFD6CC2B5937568D4C31B2DAF9F290676B0078E9A64A8E36B9AB8DE4F5450D6C7EC30B92A
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=9a0a207b73bd4cc592f490e5f9bfce5f.IDENTIFIER=systemd-logind.UNIT=systemd-logind.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):228
                                                                                  Entropy (8bit):5.4692969353582646
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVIg1BG+f+M6iG5Fq0ZjdCt/rRMtq:qgFq6g10+f+MPGK03CDL
                                                                                  MD5:251FB94CC7D93B780C9DD4CE5EC57CF5
                                                                                  SHA1:92E55C1CA6E973D5CF6ADE50499AFB67549EE0C2
                                                                                  SHA-256:2B3511EFB4238106D7F98A7FE4900197F6CBC0C22C78650F620FBFB5DB5A8430
                                                                                  SHA-512:29969C0A10753ACA22C9D77AA7EE380770BD77D8551038E13C05AF9789B192FC92CC79F9EBB5DBD3A584ADB106F48308ADCF1BBA4CF583614F98289CA03A2D21
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=074c4f07f9d84fff89154c5651924ed8.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):223
                                                                                  Entropy (8bit):5.542536628831814
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm/ARVjdzDDCSHQBYgp:SbFuFyLVIg1BG+f+M4R/1HQqji4s
                                                                                  MD5:930B5FE28ED3FD6BF0EE8F305E28B7C7
                                                                                  SHA1:A75CE9FB3675E587D4E22D03A1F9454E48771D03
                                                                                  SHA-256:57B9FD8FD58C434FBFC626EA580A7C85F614C2192EE4C31272DE03FB8C1ED4E6
                                                                                  SHA-512:9617DA6F8B60E947AB8B5E2A7838BF7DB65CC77E2A9C458C897C036B0DEA5E333854E131B1FA11E72DC21EBE5A4B2455F85FC7D061B37C77FF1CF0F3CE97AA03
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=55040d518f9640638d7f7f32275752cc.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):208
                                                                                  Entropy (8bit):5.414678342666008
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmo2gDgHQBHoPALdTj+:SbFuFyLVIg1BG+f+Mo2lwiP6dTjLkGq
                                                                                  MD5:56B66BE6054E0DA54A035284BB96BC21
                                                                                  SHA1:4D122DBBB7633C224B8FC4CAA935AC73FFD24D27
                                                                                  SHA-256:56D446133EA724308919A98CC27F1531AB53D6985463865B02E3194AB8369DF6
                                                                                  SHA-512:430C578D718A57633D68C77D5993C8AD5BA37D44BD4F2341689C34C1B60AF3AD83976CD17D786EDB77E579F4195C67B2B2276885BA82E5E850BC6FCC8E85772B
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b45bef94b5eb47169f1086350501fe29.IDENTIFIER=agetty.UNIT=getty@tty2.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):210
                                                                                  Entropy (8bit):5.422852064974869
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxm7utNyTGwUB7Tjs2ALAQ:SbFuFyLVIg1BAf+MnChTjNALyAZD
                                                                                  MD5:98424A40296CF89828AEAF1CCC624113
                                                                                  SHA1:712013C0989EA4C7959AC7379299505CCD9C8C89
                                                                                  SHA-256:F32BA5EE3E02C5E26F77A2E95303F741EB2F00209B91EB4FC5B198B66D06DA26
                                                                                  SHA-512:D62F902AE077747D509BE4085F57D5600CB16978DCD4FBCE3724774B777DAB0A345E47286B050F33121E1D7ACB734609C9B6D648DC85E02EAD2FD1DCF7BCF15A
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=136e5aafcc964ad6b47cb51db7b39006.IDENTIFIER=generate-config.UNIT=gdm.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):211
                                                                                  Entropy (8bit):5.443210281307249
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVIg1BAf+M6IiITiNgZ0jNdQIeXD:qgFq6g1af+M4ITiNS22D
                                                                                  MD5:F70073646AEA9E5C17FF14241A855C1A
                                                                                  SHA1:2A8726B9C18A8C4A1784AC3B5030B1503D6FC1E8
                                                                                  SHA-256:285B015D2BB46C9EEA519CDB32E96DA39B54AABD5FFCF502BDF3DB03B2027B85
                                                                                  SHA-512:44E746C042C2A804B435983AEC29218A0033BBA5E075D00A53FEC5B561F93E045D15B606824C71526511F0D51246EAD456F854C7BAAC7452E9F8995D601E9BAD
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=014bc0103fa64a76bf14787453ce4160.IDENTIFIER=gdm-wait-for-drm.UNIT=gdm.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):199
                                                                                  Entropy (8bit):5.395356057058239
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLCHh6KV+h6CQzuxmrKp/ERVQVvXVlbuqjsa:SbFuFyLVIg1BAf+MGNERVQRVFTjNTZD
                                                                                  MD5:F446C64236F76C4524B99561310C84D1
                                                                                  SHA1:190BA255980EA863B3F9B9F5970623FEDB15736F
                                                                                  SHA-256:AE4994DA14ADF8017EA5A0DB18FE491D240EC6252C170334F3DFC9E2A45F6439
                                                                                  SHA-512:E2B1632CE91220DB66F8AA35179184CFB8BD9C94CB3FCDAF60F570B012FFD041D48D31E96BF920291C7874299D1980BE4D33A17EDB8D877CAD550A3C95BAB6CD
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=1.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=af3ac6a947ca4050ab3112044c2678c6.IDENTIFIER=gdm3.UNIT=gdm.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):222
                                                                                  Entropy (8bit):5.420064388587053
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmrw/xyDBVHFZjswxJm:SbFuFyLVIg1BG+f+MEyD7FZjLTTIWTIL
                                                                                  MD5:26A7E7C9E390142EFBAEEEDD1F375380
                                                                                  SHA1:B450ADCE2359A275AA91F4ED6B3BF1373876D163
                                                                                  SHA-256:479FD90A13617D15BB396B23880D58C6551F54C486B81FC5FBC232C46F46ACFA
                                                                                  SHA-512:72D2EC8F74BC758F9A579FB04317FD629A085A4D8857B4CFD1990F5CD00B726920DCC9255CA3B50C8D72D7094932A4920D87BF128D410D3AC0E3AB9938402E79
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ac2b6c2b94e14b40b76d439fce40b3f6.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):205
                                                                                  Entropy (8bit):5.399122538516876
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVIg1BG+f+MeF38bBXBx1vF2jbVC:qgFq6g10+f+MyMbBJ9
                                                                                  MD5:E3085D8498DA096D082A1E4B61F531E0
                                                                                  SHA1:737AE1552003E2EE28A74FED0FF34AE29437DE37
                                                                                  SHA-256:F2920EB26628780B23E0545E85A26AB65958E745EF367232D57EC490E3F21C98
                                                                                  SHA-512:F0C86166D73D944DC2D489A706B1A78D0AAD70FEE057265BF577C35762E883F2254A828D2A7C4F10BA49DF7090A22FC749B47017635D273471F9B637CFAF323A
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3350676d244d4a039b2619211fdde1b0.IDENTIFIER=polkitd.UNIT=polkit.service.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):195
                                                                                  Entropy (8bit):5.396287442115349
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmoEERG/hUGp+5Qlr:SbFuFyLVK6g7/+BG+f+MoPArQ5Ql8jNq
                                                                                  MD5:04E23592E2D84CDCD7D5BE9FB01B6805
                                                                                  SHA1:4CE954ECFE0B8CDC139BA72BD85A57AF86A141D4
                                                                                  SHA-256:AAC0369BE330D6B7FC8A55F0A3BC7AB53B02FF8977748A3EFF4321A3460E8A26
                                                                                  SHA-512:3DE582DBE8A7AD5CB3E4030D5908286A41B216911A2342C2D14FB6581B18AC01AC6F142DF641E7A3C1444380E9BAC56C35413014912B9E48036DA24CB5DB36AC
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=ba544c004b1c406e9cf1663a55bc8b30.IDENTIFIER=gdm-session-worker.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):195
                                                                                  Entropy (8bit):5.386675631956749
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm58dfiArsjs2BDf8:SbFuFyLVI6g7/+BG+f+MedfKjNq
                                                                                  MD5:96DDA35254F7B179DAF13287FD03DF02
                                                                                  SHA1:356B5FA99914A68406A5E744F7A4B3EF8A182405
                                                                                  SHA-256:C8DACEE3C6EFB6950B24A411409BA7C77C621D95C526C8BEDDFE4BB6C950700B
                                                                                  SHA-512:BD169643F4A2B1D92003319202967DA22B7FBD58D7947423E719F288A3A79EE3F7B3EDB7D2CD55E4B3EA1C592F60AA7CA517503A50EDB890157B3AB89C9A6241
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3a02a644565c488584c5a421c0e3b5fa.IDENTIFIER=gdm-session-worker.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):210
                                                                                  Entropy (8bit):5.509275634901302
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxmrBaVFh1oTRHNlsC:SbFuFyLVK6g7/+BG+f+MJt2jFQMzKaBu
                                                                                  MD5:B346BDCD4F6579BC35B5A0DBABAAD46D
                                                                                  SHA1:A4E8CCA7D0A8A00FCB7ED6EC548C1C5763327C20
                                                                                  SHA-256:BD1B7547BF9EF3BA6F6DF506CA03672248D07991F6063D7D6ECA68D67816667F
                                                                                  SHA-512:90BE1C090E89D1E1C7091B2196D5958B39AA136E7F18BD2E40A623C789230E32D101F19A62848F3C7067F88C33FBEA18D79617ED9F2C1399605AE98D4690991C
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a34c5cfc69b043208b9593668da9564b.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):210
                                                                                  Entropy (8bit):5.484498951859888
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyLVI6g7/+BG+f+M+bmgSBz/w8jFQMzKaBu:qgFqdg7/+0+f+M1Bz/w2Tmh
                                                                                  MD5:831C31052ED309755248F492AF5B4335
                                                                                  SHA1:E961751BBC06EFB3C399BDED7ADB49E28AA2A687
                                                                                  SHA-256:EAD1A1A4D731F442F81097B55D156B7AB761901377F00C33F65316E799BC60A7
                                                                                  SHA-512:91B6A1131451B2C34D279BA9C2F0391664241C5CEDD65AF9861024F1F74ABDED8C073775CF21F331674395B2A18D4A2B50F9318D9F7906C2C303D85FA72DC1D0
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=4cd9d5f54b2047d3b3370c308aa258ae.IDENTIFIER=/usr/lib/gdm3/gdm-wayland-session.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):189
                                                                                  Entropy (8bit):5.345164842477111
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm635fMaA2Bhgrqjs16:SbFuFyLVIg1BG+f+M6K+hTjoa
                                                                                  MD5:E59D4CDE5A1A95D2808DE88FA73DB341
                                                                                  SHA1:A06E5C06771523F3A206EE3A70CF9DBD7D48BBA5
                                                                                  SHA-256:9081AE696FA055F5E774AFE0F88A8E214AC2F3318ED07500CE663D46D3CA6F87
                                                                                  SHA-512:005A5B3633CB39C1B403E9A97C50680D2F7C78C6D42141A794090E7C1BE8DC6C9236532B6D483322D06DD3E6C6EB29CB77A712796CDB335A68A115023FABE53C
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=02d4e92b12e24f3bb429e092edf678e8.IDENTIFIER=dbus-daemon.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):188
                                                                                  Entropy (8bit):5.325495729711812
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm80T2d8tdtGZjshQJT:SbFuFyLVIg1BG+f+M8q2dYWjtWL0
                                                                                  MD5:CB3C26C9857646EF5CE192E6429499E8
                                                                                  SHA1:8C023F6423B95592B3D360E875348C55605C6B96
                                                                                  SHA-256:FC5F04D1E9AAB36C0C26D346341ED13314566DF84DE7833A05C04FF93479191A
                                                                                  SHA-512:21E7E89909D29F897BACCEEC133AE9FF980791D4CA59772DFDE5F3D4C4E0C94C4A7911078E545ED243AFC66074408F1C4D927422F7C94ACDAAC5A23E9A9CEA8F
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=6265d461dd264f3e8d1542736a0b613d.IDENTIFIER=pulseaudio.
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):216
                                                                                  Entropy (8bit):5.402247844688111
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmon3E6EGDiW0ZjsjOA:SbFuFyLVIg1BG+f+Mon3+UiTjNE
                                                                                  MD5:B1CFB1C1E05664F508F6D65DE736A3CB
                                                                                  SHA1:C0B085BAA0B42CED160E8CEB20F540F33A4DA7F2
                                                                                  SHA-256:9402E4D7913849A5F428AAF0124D07377C1B9D847EF9BAD0F73EE8E7E5BA9145
                                                                                  SHA-512:F12A4620BC6C929A2CE9DA7CCE49624C80675CC01F7BD71285AB56AFB5C9B00D9CE31238A5F9B9B639A57FC1FB1B39A9BF42673A119B4EBC892232C06AD3F497
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b52e4a7694f744a49cab0ada1cf74a99.IDENTIFIER=rtkit-daemon.UNIT=rtkit-daemon.service.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):95
                                                                                  Entropy (8bit):4.921230646592726
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
                                                                                  MD5:BE58CCABC942125F5E27AF6EB1BA2F88
                                                                                  SHA1:07C20F55E36EE48869B223B8FC4DBC227C7353AC
                                                                                  SHA-256:551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
                                                                                  SHA-512:E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):116
                                                                                  Entropy (8bit):4.957035419463244
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMsuH47rLg205vmLUbr+ugKQ2KwshcXSv:SbFuFyLwH47Pg20ggWunQ2rNXc
                                                                                  MD5:66D114877B3B4DB3BDD8A3AD4F5E7421
                                                                                  SHA1:62E0CB0F51E0E3F97BE251CB917968DFF69ED344
                                                                                  SHA-256:A922628916A7DDBE2BAA33F421C82250527EA3C28E429749353A1C75C0C18860
                                                                                  SHA-512:5651247FA236DCF020A3C8456E4A9A74A85C5B9B3CCE94A3CF8F85FD4D66465C9F97DF7A1822E6CA4553C02BE149F3021D58DCC0C8CB6DCF37F915BD0A158187
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):282
                                                                                  Entropy (8bit):5.292630421204709
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6z0glacL5psQ2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBnglXLXsjthQHtPYqi
                                                                                  MD5:8E47F9F108690AC06DE1D42116C7D0FD
                                                                                  SHA1:769EB5791639777C9B1344EE7951934F020064D0
                                                                                  SHA-256:235746E334C9CCACB3D3874430C77FF320A32C19D22E0D7707D4D7FB51FDB408
                                                                                  SHA-512:BA0ACA44AA7D5F6FE14B564CD37B27D7CAB5D0A2029E6A8447E88271DD0EE783FA0155DACD28CF99FB33B7E70F3326C6F9E0AAE3F0DAC69633F0BF5760DB828C
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12409.REALTIME=1742740109189165.MONOTONIC=448165562.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):223
                                                                                  Entropy (8bit):5.451346987985608
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff6tzglacL5rit6Fr:qgFq30dABibBCglXLwIFr
                                                                                  MD5:923453B9385538CE3BB002354FE64E47
                                                                                  SHA1:ACDABDED7E0AFCBE1E24517476AD3ACE60173400
                                                                                  SHA-256:1349E01FB9C9F3B494935A17429693187750A3F71CB7D83246FAF210E6277DF0
                                                                                  SHA-512:297B474E1FB1A1983B8FB2D83530B779BB323F0F1161F2B151714F2196D1C2702F0F11E94451580C43E1AE58D5F2584BED49BF2D337F379C93B72A59551640A0
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12471.REALTIME=1742740109189165.MONOTONIC=448165562.LAST_SESSION_TIMESTAMP=448274459.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):223
                                                                                  Entropy (8bit):5.451346987985608
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyL3BVgdL87ynAir/0Ixff6tzglacL5rit6Fr:qgFq30dABibBCglXLwIFr
                                                                                  MD5:923453B9385538CE3BB002354FE64E47
                                                                                  SHA1:ACDABDED7E0AFCBE1E24517476AD3ACE60173400
                                                                                  SHA-256:1349E01FB9C9F3B494935A17429693187750A3F71CB7D83246FAF210E6277DF0
                                                                                  SHA-512:297B474E1FB1A1983B8FB2D83530B779BB323F0F1161F2B151714F2196D1C2702F0F11E94451580C43E1AE58D5F2584BED49BF2D337F379C93B72A59551640A0
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12471.REALTIME=1742740109189165.MONOTONIC=448165562.LAST_SESSION_TIMESTAMP=448274459.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):282
                                                                                  Entropy (8bit):5.292630421204709
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:SbFuFyL3BVgVuR257iesnAir/0Ixff6z0glacL5psQ2thQc2pb02/g2p9rwB:qgFq30VuR8L/ibBnglXLXsjthQHtPYqi
                                                                                  MD5:8E47F9F108690AC06DE1D42116C7D0FD
                                                                                  SHA1:769EB5791639777C9B1344EE7951934F020064D0
                                                                                  SHA-256:235746E334C9CCACB3D3874430C77FF320A32C19D22E0D7707D4D7FB51FDB408
                                                                                  SHA-512:BA0ACA44AA7D5F6FE14B564CD37B27D7CAB5D0A2029E6A8447E88271DD0EE783FA0155DACD28CF99FB33B7E70F3326C6F9E0AAE3F0DAC69633F0BF5760DB828C
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12409.REALTIME=1742740109189165.MONOTONIC=448165562.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):188
                                                                                  Entropy (8bit):4.928997328913428
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMs5BuSgVuMI2sKiYiesnAv/XS12K2hwEY8mTQ2pJi22sQ2KkmD2pi:SbFuFyL3BVgVuR257iesnAi12thQc2p4
                                                                                  MD5:065A3AD1A34A9903F536410ECA748105
                                                                                  SHA1:21CD684DF60D569FA96EEEB66A0819EAC1B2B1A4
                                                                                  SHA-256:E80554BF0FF4E32C61D4FA3054F8EFB27A26F1C37C91AE4EA94445C400693941
                                                                                  SHA-512:DB3C42E893640BAEE9F0001BDE6E93ED40CC33198AC2B47328F577D3C71E2C2E986AAAFEF5BD8ADBC639B5C24ADF715D87034AE24B697331FF6FEC5962630064
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                                                                                  Process:/lib/systemd/systemd-logind
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):174
                                                                                  Entropy (8bit):5.305142043422009
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:SbFVVmFyinKMs5BuSgdNR2sKiYiesnAv/XSHxJgldEcLfO4tpyW6H206qodMXi2e:SbFuFyL3BVgdL87iesnAiRJglacL5riK
                                                                                  MD5:794BB0BE5211ECA8805C69FC0E1585A3
                                                                                  SHA1:EE8A25D5A6E1481B1FE0A3999E0348CA22C0B72F
                                                                                  SHA-256:1B8612C2F8FF9AA92F762E4350AE063CAE89A34F4A82242CBA408C95C4481D0F
                                                                                  SHA-512:B27CD1D8EB8A6E7DA97ED9FE29FC1558358564D8605A0F6A253F40522676CD3F7C4321BF308B31596E6A572FBEF64C42D8086DD69626A0D8EEA38086B0C4B7C8
                                                                                  Malicious:false
                                                                                  Preview:# This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1742740109189165.MONOTONIC=448165562.LAST_SESSION_TIMESTAMP=448274459.
                                                                                  Process:/usr/bin/pulseaudio
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):5
                                                                                  Entropy (8bit):1.9219280948873623
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:W:W
                                                                                  MD5:5242A7D574D4F67E15E7D6D5DD275072
                                                                                  SHA1:B02C38EC4AFE371F25E57D366A5F2C0D0EF5B1B6
                                                                                  SHA-256:3D05056EFA744FA911B0D45658294DA0869744490872DB16CEC562D3B4CE819A
                                                                                  SHA-512:67CEEBF42A65E1A2E1FFB22E73538C1E56DD3B9826A965371088A0A7921B5263FEC676ED92416A95850084BFC96288E9191B9FD6A6BF164D3913AD830F5816C4
                                                                                  Malicious:false
                                                                                  Preview:6467.
                                                                                  Process:/sbin/agetty
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):384
                                                                                  Entropy (8bit):0.6775035134351415
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Mlc1sXlXEWtl/EB:8cQ+yl8
                                                                                  MD5:83E6E70838385B0E1CB39D9F08939A49
                                                                                  SHA1:EDD87810348EE943719056C0BE4366E2A10095B7
                                                                                  SHA-256:6C9EDE52C74DBC1210AAA23892F7BD37E1359C4BBA5730406D4D08DAA25BB124
                                                                                  SHA-512:1BFBD29DD2DF46509673618D57522FFC3A7C3BADC294865D4A2935FDB13E3A35238D64071011742F714F497AA1E2D9AB45778E249D6E0EE5EA69702EEDEE1B93
                                                                                  Malicious:false
                                                                                  Preview:........tty2.tty2.......................tty2LOGIN...................................................................................................................................................................................................................................................................................................z..g.'......................................
                                                                                  Process:/tmp/morte.sh4.elf
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):19
                                                                                  Entropy (8bit):3.7216117239699025
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:TgnRAUGn:TgnRAJn
                                                                                  MD5:B700D933DCFBB4B5AE00161B504F954C
                                                                                  SHA1:264ACCDB176AA8BD243DE7FCB48451A653F04965
                                                                                  SHA-256:CB6F6D0404B44E865D078C2B35DE55AA78CA0F780B0618AF6B9A2653BF4D2259
                                                                                  SHA-512:6FF7461FAA7572680FAF3A1D0903BAD88F2F2965F971AD6C5FDA62E2CBBB28AEE38BB25A1A3D762B61EC1ECD6B1FEF458EAB44B5B1A7D18D86CB093222297F72
                                                                                  Malicious:false
                                                                                  Preview:/tmp/morte.sh4.elf.
                                                                                  Process:/usr/lib/accountsservice/accounts-daemon
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):61
                                                                                  Entropy (8bit):4.66214589518167
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
                                                                                  MD5:542BA3FB41206AE43928AF1C5E61FEBC
                                                                                  SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
                                                                                  SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
                                                                                  SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
                                                                                  Malicious:false
                                                                                  Preview:[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                                                                                  Process:/usr/bin/gpu-manager
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):25
                                                                                  Entropy (8bit):2.7550849518197795
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:JoT/V9fDVbn:M/V3n
                                                                                  MD5:078760523943E160756979906B85FB5E
                                                                                  SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
                                                                                  SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
                                                                                  SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
                                                                                  Malicious:false
                                                                                  Preview:15ad:0405;0000:00:0f:0;1.
                                                                                  Process:/usr/sbin/rsyslogd
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):1963
                                                                                  Entropy (8bit):4.89260209082447
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:ptc3cfcqqxdZ4pdZeSuYmug4ugXug/4kXYAvPYA2+V14Ad0pYrOVJrp6wrCQU:Y3cfE742vEv1fVUYrwrpBrCn
                                                                                  MD5:F52413D28FD125B2CDC1B0CF2991ADCC
                                                                                  SHA1:C4E3EEC5CD898C50F0AE4B37DADB8B605639864B
                                                                                  SHA-256:184EE0A6F82666354626FDC19FB8EFD781BB70ACF41451A114C12A5E407CEAF8
                                                                                  SHA-512:DF04F7335E3805646618FC39018775C65A60443D20F9F7B902F861439B40C5A8EEFDE71D978E13FE983E1288084D27F50A6812A066923EC4F6F25DAF496A0434
                                                                                  Malicious:false
                                                                                  Preview:Mar 23 09:28:12 galassia gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm.Mar 23 09:28:12 galassia gdm-password]: pam_unix(gdm-password:session): session closed for user saturnino.Mar 23 09:28:13 galassia gdm-password]: pam_systemd(gdm-password:session): Failed to release session: No session '2' known.Mar 23 09:28:13 galassia systemd-logind[6310]: Failed to add user by file name 127, ignoring: Invalid argument.Mar 23 09:28:13 galassia systemd-logind[6310]: Failed to add user by file name 1000, ignoring: Invalid argument.Mar 23 09:28:13 galassia systemd-logind[6310]: User enumeration failed: Invalid argument.Mar 23 09:28:13 galassia systemd-logind[6310]: User of session c2 not known..Mar 23 09:28:13 galassia systemd-logind[6310]: User of session 2 not known..Mar 23 09:28:13 galassia systemd-logind[6310]: User of session c1 not known..Mar 23 09:28:13 galassia systemd-logind[6310]: Session enumeration failed: No such file or directory.Mar 23 0
                                                                                  Process:/usr/bin/gpu-manager
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):1371
                                                                                  Entropy (8bit):4.8296848499188485
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
                                                                                  MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
                                                                                  SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
                                                                                  SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
                                                                                  SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
                                                                                  Malicious:false
                                                                                  Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
                                                                                  Process:/lib/systemd/systemd-journald
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):240
                                                                                  Entropy (8bit):1.4595260194504922
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:F31Hl0HC2blll8HC2Tl:F3EHhKH
                                                                                  MD5:4637D9FCEF088474104CCFA32090C230
                                                                                  SHA1:3CBDAD328FF29C493C02ECC58E557B8BAA620543
                                                                                  SHA-256:10F35F1A91475746E322F5AB3232F0510307020A3307AC0A3CA912F779B01DAF
                                                                                  SHA-512:EBB2A573CB0103031395259EB5985DC683431F8E3C5115B87797E5F7E2B1745620AA8E83D345ED0ED38E2E8BD20B3BE7E65281D80EB99A8E593626C3E75B16DC
                                                                                  Malicious:false
                                                                                  Preview:LPKSHHRH.................X.f*.J..e..j.b4.................................X.f*.J..e..j.b4........................................................................................................................................................
                                                                                  Process:/usr/sbin/rsyslogd
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):9235
                                                                                  Entropy (8bit):4.7655329883040825
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uDP/8FG55H5lTO6QIULRpqOnKn3g9MhCg9Vgew+xrzZjWTm6rBTtiOutuARGTs/m:bFOQ8rYov9Hk6LHU/aEx
                                                                                  MD5:E791DEEA2407CFD27E427123B80FDD8C
                                                                                  SHA1:CAC6EB74D7772E8EE83F6E3FD06F9E4C7EBD1C95
                                                                                  SHA-256:87AAADE5BDB2E33F0A4E1F5885C64FE82FBE41FE85C4E3540E0372DED3299AD1
                                                                                  SHA-512:7989964F2C7520DF250D6BCE1533DD649292F6B128AF01CF669C2B84FD9A2E65CE9691C5035B6C7593B565ACCE4015FD60AA717EA017FC35AD65A3AEF5B24978
                                                                                  Malicious:false
                                                                                  Preview:Mar 23 09:28:01 galassia kernel: [ 418.869907] blocking signal 9: 6247 -> 797.Mar 23 09:28:01 galassia kernel: [ 418.889584] blocking signal 9: 6247 -> 936.Mar 23 09:28:01 galassia kernel: [ 418.905396] blocking signal 9: 6247 -> 1320.Mar 23 09:28:01 galassia kernel: [ 418.923831] blocking signal 9: 6247 -> 1334.Mar 23 09:28:01 galassia kernel: [ 418.941487] blocking signal 9: 6247 -> 1335.Mar 23 09:28:01 galassia kernel: [ 418.971477] blocking signal 9: 6247 -> 1389.Mar 23 09:28:01 galassia kernel: [ 418.996918] blocking signal 9: 6247 -> 1601.Mar 23 09:28:01 galassia kernel: [ 419.016022] blocking signal 9: 6247 -> 1809.Mar 23 09:28:01 galassia kernel: [ 419.030331] blocking signal 9: 6247 -> 1860.Mar 23 09:28:01 galassia kernel: [ 419.043416] blocking signal 9: 6247 -> 1872.Mar 23 09:28:01 galassia kernel: [ 419.154496] blocking signal 9: 6247 -> 1983.Mar 23 09:28:01 galassia kernel: [ 419.241542] blocking signal 9: 6247 -> 2048.Mar 23 09:28:01 galassia kernel: [ 419.71
                                                                                  Process:/usr/sbin/rsyslogd
                                                                                  File Type:ASCII text, with very long lines (317)
                                                                                  Category:dropped
                                                                                  Size (bytes):44191
                                                                                  Entropy (8bit):5.058285580467787
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:ev8jyaQ02yQ02TQ02cFu/8Dmw0nlBDX59LFGMoe+vOiYH73tdfL9EKeoGMYiT5to:ev8ewdYV
                                                                                  MD5:CA2315C11E74329113ADA34571EA908B
                                                                                  SHA1:5099FF3C5608EB0AD776D446B3ECE8E743931D4D
                                                                                  SHA-256:8E23B73DC9D2A4C7A865CECAD03F8E40D923E8552151AE77F2AFACA0C42CB32E
                                                                                  SHA-512:C6DA449804A87591275104B54FB7F06FBB2613AFBF72C292ECDC34F1727ACA338BD014FA75319DFEBABDE2D8698DDEC0A933A88C4A127ADA1EE537F427DE6251
                                                                                  Malicious:false
                                                                                  Preview:Mar 23 09:28:01 galassia kernel: [ 418.865157] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL.Mar 23 09:28:01 galassia kernel: [ 418.865424] systemd[1]: rsyslog.service: Failed with result 'signal'..Mar 23 09:28:01 galassia kernel: [ 418.869907] blocking signal 9: 6247 -> 797.Mar 23 09:28:01 galassia kernel: [ 418.889584] blocking signal 9: 6247 -> 936.Mar 23 09:28:01 galassia kernel: [ 418.905396] blocking signal 9: 6247 -> 1320.Mar 23 09:28:01 galassia kernel: [ 418.923831] blocking signal 9: 6247 -> 1334.Mar 23 09:28:01 galassia kernel: [ 418.941487] blocking signal 9: 6247 -> 1335.Mar 23 09:28:01 galassia kernel: [ 418.943958] systemd[1]: whoopsie.service: Scheduled restart job, restart counter is at 1..Mar 23 09:28:01 galassia kernel: [ 418.944212] systemd[1]: Stopped crash report submission daemon..Mar 23 09:28:01 galassia kernel: [ 418.945425] systemd[1]: Started crash report submission daemon..Mar 23 09:28:01 galassia kernel: [ 418.97147
                                                                                  Process:/sbin/agetty
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):384
                                                                                  Entropy (8bit):0.6775035134351415
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Mlc1sXlXEWtl/EB:8cQ+yl8
                                                                                  MD5:83E6E70838385B0E1CB39D9F08939A49
                                                                                  SHA1:EDD87810348EE943719056C0BE4366E2A10095B7
                                                                                  SHA-256:6C9EDE52C74DBC1210AAA23892F7BD37E1359C4BBA5730406D4D08DAA25BB124
                                                                                  SHA-512:1BFBD29DD2DF46509673618D57522FFC3A7C3BADC294865D4A2935FDB13E3A35238D64071011742F714F497AA1E2D9AB45778E249D6E0EE5EA69702EEDEE1B93
                                                                                  Malicious:true
                                                                                  Preview:........tty2.tty2.......................tty2LOGIN...................................................................................................................................................................................................................................................................................................z..g.'......................................

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                                                                                  Entropy (8bit):6.229463282315143
                                                                                  TrID:
                                                                                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                  File name:morte.sh4.elf
                                                                                  File size:127'760 bytes
                                                                                  MD5:42b2d15d32b87dfbab5daf1b76d7ce76
                                                                                  SHA1:7c3d3dd043b5ff31aebec14b14be9c498b6679d1
                                                                                  SHA256:131f936760e0d6bd8a91765fdf63bc55a668f77e05e86ba29e14ae265118c037
                                                                                  SHA512:be42734abf56ff0c010abfdf900fc7dcf70cd3ab72520775dd1f82ec67bea9ba47ee23b85176cd3edb1c1d18500eeb18c57847dbcb24f4d890aad3978b000806
                                                                                  SSDEEP:1536:SaChwt50KbR+qmDVzLC3NKyzVghkeAYUH0fWH8UWs63Q7Ckjcm6l61d6VXW:SPhEdvmDV/KUy5epGWWHuB3y3640X
                                                                                  TLSH:80C37C73CC256E69D664D1B8B070CFB81F53A52481875FBE56AAC2B48047D8DFA093B8
                                                                                  File Content Preview:.ELF..............*.......@.4...X.......4. ...(...............@...@.t...t.....................B...B..Q..............Q.td............................././"O.n........#.*@........#.*@,i...o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

                                                                                  Static ELF Info

                                                                                  ELF header

                                                                                  Class:ELF32
                                                                                  Data:2's complement, little endian
                                                                                  Version:1 (current)
                                                                                  Machine:<unknown>
                                                                                  Version Number:0x1
                                                                                  Type:EXEC (Executable file)
                                                                                  OS/ABI:UNIX - System V
                                                                                  ABI Version:0
                                                                                  Entry Point Address:0x4001a0
                                                                                  Flags:0x9
                                                                                  ELF Header Size:52
                                                                                  Program Header Offset:52
                                                                                  Program Header Size:32
                                                                                  Number of Program Headers:3
                                                                                  Section Header Offset:127320
                                                                                  Section Header Size:40
                                                                                  Number of Section Headers:11
                                                                                  Header String Table Index:10

                                                                                  Sections

                                                                                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                  NULL0x00x00x00x00x0000
                                                                                  .initPROGBITS0x4000940x940x300x00x6AX004
                                                                                  .textPROGBITS0x4000e00xe00x169400x00x6AX0032
                                                                                  .finiPROGBITS0x416a200x16a200x240x00x6AX004
                                                                                  .rodataPROGBITS0x416a440x16a440x2f300x00x2A004
                                                                                  .ctorsPROGBITS0x42a0000x1a0000xc0x00x3WA004
                                                                                  .dtorsPROGBITS0x42a00c0x1a00c0x80x00x3WA004
                                                                                  .dataPROGBITS0x42a0200x1a0200x50e00x00x3WA0032
                                                                                  .gotPROGBITS0x42f1000x1f1000x140x40x3WA004
                                                                                  .bssNOBITS0x42f1140x1f1140x46c40x00x3WA004
                                                                                  .shstrtabSTRTAB0x00x1f1140x430x00x0001

                                                                                  Program Segments

                                                                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                  LOAD0x00x4000000x4000000x199740x199746.92830x5R E0x10000.init .text .fini .rodata
                                                                                  LOAD0x1a0000x42a0000x42a0000x51140x97d81.00780x6RW 0x10000.ctors .dtors .data .got .bss
                                                                                  GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                                                  Network Behavior

                                                                                  Download Network PCAP: filteredfull

                                                                                  Network Port Distribution

                                                                                  • Total Packets: 47
                                                                                  • 7575 undefined
                                                                                  • 443 (HTTPS)
                                                                                  • 80 (HTTP)
                                                                                  • 53 (DNS)
                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Mar 23, 2025 15:28:00.336191893 CET462927575192.168.2.23176.65.142.252
                                                                                  Mar 23, 2025 15:28:00.540757895 CET757546292176.65.142.252192.168.2.23
                                                                                  Mar 23, 2025 15:28:00.540826082 CET462927575192.168.2.23176.65.142.252
                                                                                  Mar 23, 2025 15:28:00.591638088 CET462927575192.168.2.23176.65.142.252
                                                                                  Mar 23, 2025 15:28:00.796267986 CET757546292176.65.142.252192.168.2.23
                                                                                  Mar 23, 2025 15:28:00.796313047 CET462927575192.168.2.23176.65.142.252
                                                                                  Mar 23, 2025 15:28:00.999397039 CET757546292176.65.142.252192.168.2.23
                                                                                  Mar 23, 2025 15:28:03.717747927 CET42836443192.168.2.2391.189.91.43
                                                                                  Mar 23, 2025 15:28:04.485665083 CET4251680192.168.2.23109.202.202.202
                                                                                  Mar 23, 2025 15:28:04.836123943 CET462927575192.168.2.23176.65.142.252
                                                                                  Mar 23, 2025 15:28:05.039251089 CET757546292176.65.142.252192.168.2.23
                                                                                  Mar 23, 2025 15:28:05.039362907 CET462927575192.168.2.23176.65.142.252
                                                                                  Mar 23, 2025 15:28:05.377594948 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:05.377636909 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:05.377734900 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.155713081 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.155740976 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.369858980 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.370323896 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.370323896 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.370323896 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.370338917 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.370353937 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.370445013 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.370868921 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.370868921 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.370877028 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.370992899 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.416320086 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.552850962 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.552977085 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.552977085 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.552977085 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.552997112 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553009033 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553020000 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553020954 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553029060 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553045988 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553066015 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553066015 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553066015 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553076982 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553090096 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553090096 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553102970 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553133011 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553149939 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553165913 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553268909 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553334951 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553359032 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553545952 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553584099 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553606033 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553689957 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553725004 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553745985 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553764105 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553793907 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553793907 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.553807020 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.553813934 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.963068962 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.963184118 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.963184118 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:08.963196039 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.963207006 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.963237047 CET44353070162.213.35.25192.168.2.23
                                                                                  Mar 23, 2025 15:28:08.964189053 CET53070443192.168.2.23162.213.35.25
                                                                                  Mar 23, 2025 15:28:18.819869995 CET43928443192.168.2.2391.189.91.42
                                                                                  Mar 23, 2025 15:28:31.106093884 CET42836443192.168.2.2391.189.91.43
                                                                                  Mar 23, 2025 15:28:35.201704979 CET4251680192.168.2.23109.202.202.202
                                                                                  Mar 23, 2025 15:28:59.774442911 CET43928443192.168.2.2391.189.91.42
                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Mar 23, 2025 15:28:04.640734911 CET5319853192.168.2.231.1.1.1
                                                                                  Mar 23, 2025 15:28:04.640789986 CET3725853192.168.2.231.1.1.1
                                                                                  Mar 23, 2025 15:28:04.740077019 CET53531981.1.1.1192.168.2.23
                                                                                  Mar 23, 2025 15:28:04.740220070 CET53372581.1.1.1192.168.2.23
                                                                                  Mar 23, 2025 15:28:05.261933088 CET5297753192.168.2.231.1.1.1
                                                                                  Mar 23, 2025 15:28:05.361345053 CET53529771.1.1.1192.168.2.23
                                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                                  Mar 23, 2025 15:28:07.637255907 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
                                                                                  Mar 23, 2025 15:29:27.654041052 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Mar 23, 2025 15:28:04.640734911 CET192.168.2.231.1.1.10x37b1Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                                                                  Mar 23, 2025 15:28:04.640789986 CET192.168.2.231.1.1.10x9e1Standard query (0)daisy.ubuntu.com28IN (0x0001)false
                                                                                  Mar 23, 2025 15:28:05.261933088 CET192.168.2.231.1.1.10xe074Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Mar 23, 2025 15:28:04.740077019 CET1.1.1.1192.168.2.230x37b1No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                                                                                  Mar 23, 2025 15:28:04.740077019 CET1.1.1.1192.168.2.230x37b1No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • daisy.ubuntu.com

                                                                                  HTTPS Proxied Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  0192.168.2.2353070162.213.35.25443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2025-03-23 14:28:08 UTC307OUTPOST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
                                                                                  Host: daisy.ubuntu.com
                                                                                  Accept: */*
                                                                                  Content-Type: application/octet-stream
                                                                                  X-Whoopsie-Version: 0.2.69ubuntu0.3
                                                                                  Content-Length: 164887
                                                                                  Expect: 100-continue
                                                                                  2025-03-23 14:28:08 UTC25INHTTP/1.1 100 Continue
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 17 84 02 00 02 50 72 6f 63 45 6e 76 69 72 6f 6e 00 4e 00 00 00 50 41 54 48 3d 28 63 75 73 74 6f 6d 2c 20 6e 6f 20 75 73 65 72 29 0a 58 44 47 5f 52 55 4e 54 49 4d 45 5f 44 49 52 3d 3c 73 65 74 3e 0a 4c 41 4e 47 3d 65 6e 5f 55 53 2e 55 54 46 2d 38 0a 53 48 45 4c 4c 3d 2f 62 69 6e 2f 62 61 73 68 00 02 5f 4c 6f 67 69 6e 64 53 65 73 73 69 6f 6e 00 02 00 00 00 35 00 02 44 61 74 65 00 19 00 00 00 54 75 65 20 41 75 67 20 31 37 20 32 30 3a 31 38 3a 30 34 20 32 30 32 31 00 02 53 6f 75 72 63 65 50 61 63 6b 61 67 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 50 61 63 6b 61 67 65 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 44 69 73 74 72 6f 52 65 6c 65 61
                                                                                  Data Ascii: ProcEnvironNPATH=(custom, no user)XDG_RUNTIME_DIR=<set>LANG=en_US.UTF-8SHELL=/bin/bash_LogindSession5DateTue Aug 17 20:18:04 2021SourcePackagelight-lockerPackageArchitectureamd64Architectureamd64DistroRelea
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 72 75 6e 74 69 6d 65 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 73 79 73 74 65 6d 64 20 32 34 35 2e 34 2d 34 75 62 75 6e 74 75 33 2e 31 31 0a 6c 69 62 70 61 6d 30 67 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6e 67 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 63 61 69 72 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 66 74 32 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 78 66 74 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 70 65 72 2d 75 74 69 6c 73 20 31 2e 31 2e 32 38 0a 6c
                                                                                  Data Ascii: tu4.1libpam-runtime 1.3.1-5ubuntu4.1libpam-systemd 245.4-4ubuntu3.11libpam0g 1.3.1-5ubuntu4.1libpango-1.0-0 1.44.7-2ubuntu4libpangocairo-1.0-0 1.44.7-2ubuntu4libpangoft2-1.0-0 1.44.7-2ubuntu4libpangoxft-1.0-0 1.44.7-2ubuntu4libpaper-utils 1.1.28l
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 67 73 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 30 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 31 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 32 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 33 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 34 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 35 20
                                                                                  Data Ascii: 0x0 0gs 0x0 0k0 0x0 0k1 0x0 0k2 0x0 0k3 0x0 0k4 0x0 0k5
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 34 30 30 30 2d 37 66 37 39 31 63 30 37 35 30 30 30 20 2d 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 35 30 30 30 2d 37 66 37 39 31 63 30 37 36 30 30 30 20 72 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75
                                                                                  Data Ascii: /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c074000-7f791c075000 ---p 0000c000 fd:00 806260 /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c075000-7f791c076000 r--p 0000c000 fd:00 806260 /u
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 33 30 30 30 2d 37 66 37 39 31 63 37 37 34 30 30 30 20 72 77 2d 70 20 30 30 30 32 36 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 34 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 34 30 30 30 2d 37 66 37 39 31 63 37 37 38 30 30 30 20 72 2d 2d 70 20 30 30 30 30 30 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 38 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34
                                                                                  Data Ascii: nux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c773000-7f791c774000 rw-p 00026000 fd:00 806245 /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c774000-7f791c778000 r--p 00000000 fd:00 806268 /usr/lib/x86_64
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 37 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 38 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 73 64 20 33 32 3a 30 3a 30 3a 30 3a 20 5b 73 64 61 5d 20 41 73 73 75 6d 69 6e 67 20 64 72 69 76 65 20 63 61 63 68 65 3a 20 77 72 69 74 65 20 74 68 72 6f 75 67 68 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 37 20 67
                                                                                  Data Ascii: platform eisa.0: Cannot allocate resource for EISA slot 7Aug 17 20:24:46 galassia kernel: platform eisa.0: Cannot allocate resource for EISA slot 8Aug 17 20:24:46 galassia kernel: sd 32:0:0:0: [sda] Assuming drive cache: write throughAug 17 20:24:47 g
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 4d 6f 64 75 6c 65 3a 20 22 66 62 64 65 76 68 77 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 69 6e 67 20 2f 75 73 72 2f 6c 69 62 2f 78 6f 72 67 2f 6d 6f 64 75 6c 65 73 2f 6c 69 62 66 62 64 65 76 68 77 2e 73 6f 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4d 6f 64 75 6c 65 20 66 62 64 65 76 68 77 3a 20 76 65 6e 64 6f 72 3d 22 58 2e 4f 72 67 20 46 6f 75 6e 64 61 74 69 6f 6e 22 0a 41 75 67 20 31 37
                                                                                  Data Ascii: 551]: (II) LoadModule: "fbdevhw"Aug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Loading /usr/lib/xorg/modules/libfbdevhw.soAug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Module fbdevhw: vendor="X.Org Foundation"Aug 17
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 39 32 30 78 31 32 30 30 22 20 28 69 6e 73 75 66 66 69 63 69 65 6e 74 20 6d 65 6d 6f 72 79 20 66 6f 72 20 6d 6f 64 65 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 39 36 30 78 36 30 30 22 20 28 62 61 64 20 6d 6f 64 65 20 63 6c 6f 63 6b 2f 69 6e 74 65 72 6c 61 63 65 2f 64 6f 75 62 6c 65 73
                                                                                  Data Ascii: /lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doubles
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 20 31 33 33 36 20 31 35 32 30 20 20 38 36 34 20 38 36 35 20 38 36 38 20 38 39 35 20 2d 68 73 79 6e 63 20 2b 76 73 79 6e 63 20 28 35 33 2e 37 20 6b 48 7a 20 64 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 76 6d 77 61 72 65 28 30 29 3a 20 20 44 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 30 32 34 78 37 36 38 22 3a 20 39 34 2e 35 20 4d 48 7a 2c 20 36 38 2e 37 20 6b 48 7a 2c 20 38 35 2e 30 20 48 7a 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72
                                                                                  Data Ascii: 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 HzAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmwar
                                                                                  2025-03-23 14:28:08 UTC16384OUTData Raw: 65 64 20 53 65 74 20 32 20 6b 65 79 62 6f 61 72 64 3a 20 61 6c 77 61 79 73 20 72 65 70 6f 72 74 73 20 63 6f 72 65 20 65 76 65 6e 74 73 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 44 65 76 69 63 65 22 20 22 2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 31 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 5f 73 6f 75 72 63 65 22 20 22 73 65 72 76 65 72 2f 75 64 65 76 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35
                                                                                  Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "_source" "server/udev"Aug 17 20:25
                                                                                  2025-03-23 14:28:08 UTC279INHTTP/1.1 400 Bad Request
                                                                                  Date: Sun, 23 Mar 2025 14:28:08 GMT
                                                                                  Server: gunicorn/19.7.1
                                                                                  X-Daisy-Revision-Number: 979
                                                                                  X-Oops-Repository-Version: 0.0.0
                                                                                  Strict-Transport-Security: max-age=2592000
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  17
                                                                                  Crash already reported.
                                                                                  0


                                                                                  System Behavior

                                                                                  General

                                                                                  Start time (UTC):14:27:59
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/tmp/morte.sh4.elf
                                                                                  Arguments:/tmp/morte.sh4.elf
                                                                                  File size:4139976 bytes
                                                                                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:27:59
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/tmp/morte.sh4.elf
                                                                                  Arguments:-
                                                                                  File size:4139976 bytes
                                                                                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:27:59
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/tmp/morte.sh4.elf
                                                                                  Arguments:-
                                                                                  File size:4139976 bytes
                                                                                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:27:59
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/tmp/morte.sh4.elf
                                                                                  Arguments:-
                                                                                  File size:4139976 bytes
                                                                                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:27:59
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:27:59
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/journalctl
                                                                                  Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                                                  File size:80120 bytes
                                                                                  MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  File Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/rsyslogd
                                                                                  Arguments:/usr/sbin/rsyslogd -n -iNONE
                                                                                  File size:727248 bytes
                                                                                  MD5 hash:0b8087fc907c42eb3c81a691db258e33

                                                                                  File Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/pulseaudio
                                                                                  Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                                                  File size:100832 bytes
                                                                                  MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/libexec/gvfsd-fuse
                                                                                  Arguments:-
                                                                                  File size:47632 bytes
                                                                                  MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/fusermount
                                                                                  Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                                                  File size:39144 bytes
                                                                                  MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                                                  File Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/lib/systemd/systemd-journald
                                                                                  Arguments:/lib/systemd/systemd-journald
                                                                                  File size:162032 bytes
                                                                                  MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:00
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:01
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:01
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/rsyslogd
                                                                                  Arguments:/usr/sbin/rsyslogd -n -iNONE
                                                                                  File size:727248 bytes
                                                                                  MD5 hash:0b8087fc907c42eb3c81a691db258e33

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:03
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:03
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/lib/systemd/systemd-logind
                                                                                  Arguments:/lib/systemd/systemd-logind
                                                                                  File size:268576 bytes
                                                                                  MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:04
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:04
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:05
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:05
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:05
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:05
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:10
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:10
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/sbin/agetty
                                                                                  Arguments:/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
                                                                                  File size:69000 bytes
                                                                                  MD5 hash:3a374724ba7e863768139bdd60ca36f7

                                                                                  File Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  System Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:06
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:07
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/gpu-manager
                                                                                  Arguments:-
                                                                                  File size:76616 bytes
                                                                                  MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:08
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:10
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:10
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/journalctl
                                                                                  Arguments:/usr/bin/journalctl --flush
                                                                                  File size:80120 bytes
                                                                                  MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:11
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:11
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/share/gdm/generate-config
                                                                                  Arguments:/usr/share/gdm/generate-config
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:11
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/share/gdm/generate-config
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:11
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/pkill
                                                                                  Arguments:pkill --signal HUP --uid gdm dconf-service
                                                                                  File size:30968 bytes
                                                                                  MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                                  File Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:14
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:14
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/gdm3/gdm-wait-for-drm
                                                                                  Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                                                                  File size:14640 bytes
                                                                                  MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:/usr/sbin/gdm3
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/plymouth
                                                                                  Arguments:plymouth --ping
                                                                                  File size:51352 bytes
                                                                                  MD5 hash:87003efd8dad470042f5e75360a8f49f

                                                                                  File Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:26
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:26
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/gdm3/gdm-session-worker
                                                                                  Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                                                                                  File size:293360 bytes
                                                                                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:29
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/gdm3/gdm-session-worker
                                                                                  Arguments:-
                                                                                  File size:293360 bytes
                                                                                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:29
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/gdm3/gdm-wayland-session
                                                                                  Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                                                                                  File size:76368 bytes
                                                                                  MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:29
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/gdm3/gdm-wayland-session
                                                                                  Arguments:-
                                                                                  File size:76368 bytes
                                                                                  MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:29
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:dbus-daemon --print-address 3 --session
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:-
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:-
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/false
                                                                                  Arguments:/bin/false
                                                                                  File size:39256 bytes
                                                                                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/gdm3/gdm-wayland-session
                                                                                  Arguments:-
                                                                                  File size:76368 bytes
                                                                                  MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-run-session
                                                                                  Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                                                                                  File size:14480 bytes
                                                                                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-run-session
                                                                                  Arguments:-
                                                                                  File size:14480 bytes
                                                                                  MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:dbus-daemon --nofork --print-address 4 --session
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:31
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:31
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:31
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/sbin/gdm3
                                                                                  Arguments:-
                                                                                  File size:453296 bytes
                                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:31
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/accountsservice/accounts-daemon
                                                                                  Arguments:/usr/lib/accountsservice/accounts-daemon
                                                                                  File size:203192 bytes
                                                                                  MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/accountsservice/accounts-daemon
                                                                                  Arguments:-
                                                                                  File size:203192 bytes
                                                                                  MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/share/language-tools/language-validate
                                                                                  Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/share/language-tools/language-validate
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/share/language-tools/language-options
                                                                                  Arguments:/usr/share/language-tools/language-options
                                                                                  File size:3478464 bytes
                                                                                  MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/share/language-tools/language-options
                                                                                  Arguments:-
                                                                                  File size:3478464 bytes
                                                                                  MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:sh -c "locale -a | grep -F .utf8 "
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  File Activities

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/locale
                                                                                  Arguments:locale -a
                                                                                  File size:58944 bytes
                                                                                  MD5 hash:c72a78792469db86d91369c9057f20d2

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/bin/sh
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:25
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/grep
                                                                                  Arguments:grep -F .utf8
                                                                                  File size:199136 bytes
                                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                                  File Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:26
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:28:26
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/policykit-1/polkitd
                                                                                  Arguments:/usr/lib/policykit-1/polkitd --no-debug
                                                                                  File size:121504 bytes
                                                                                  MD5 hash:8efc9b4b5b524210ad2ea1954a9d0e69

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:29:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:29:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/dbus-daemon
                                                                                  Arguments:/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                                                                                  File size:249032 bytes
                                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                                  File Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:29:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:29:30
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/bin/pulseaudio
                                                                                  Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                                                  File size:100832 bytes
                                                                                  MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  System Activities

                                                                                  Network Activities


                                                                                  General

                                                                                  Start time (UTC):14:29:31
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/lib/systemd/systemd
                                                                                  Arguments:-
                                                                                  File size:1620224 bytes
                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                  Process Activities


                                                                                  General

                                                                                  Start time (UTC):14:29:31
                                                                                  Start date (UTC):23/03/2025
                                                                                  Path:/usr/libexec/rtkit-daemon
                                                                                  Arguments:/usr/libexec/rtkit-daemon
                                                                                  File size:68096 bytes
                                                                                  MD5 hash:df0cacf1db4ec95ac70f5b6e06b8ffd7

                                                                                  File Activities

                                                                                  Process Activities

                                                                                  Network Activities