Linux Analysis Report
xd.mips.elf

Overview

General Information

Sample name: xd.mips.elf
Analysis ID: 1655032
MD5: 342e23bbcc7b5b70d43f0335323dc82d
SHA1: ac3c550c5555caa170381bbee534394c2ea1d776
SHA256: c5bd0777ae7e457a3d40dd6fa5d604cc93ca845389dc5e732fd1c7591eb04d15
Tags: elf, user-abuse_ch

Detection

Mirai
Score: 96
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Deletes log files
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1655032
Start date and time: 2025-04-02 21:57:28 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: xd.mips.elf
Detection: MAL
Classification: mal96.spre.troj.evad.linELF@0/16@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • system is lnxubuntu20
  • systemd New Fork (PID: 6269, Parent: 1)
  • journalctl (PID: 6269, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6287, Parent: 1)
  • systemd New Fork (PID: 6291, Parent: 1)
  • systemd New Fork (PID: 6292, Parent: 1)
  • systemd New Fork (PID: 6293, Parent: 1)
  • systemd New Fork (PID: 6294, Parent: 1)
  • systemd New Fork (PID: 6350, Parent: 1)
  • systemd New Fork (PID: 6352, Parent: 1)
  • systemd New Fork (PID: 6353, Parent: 1)
  • systemd New Fork (PID: 6354, Parent: 1860)
  • pulseaudio (PID: 6354, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6355, Parent: 1)
  • systemd New Fork (PID: 6356, Parent: 1)
  • gdm3 New Fork (PID: 6357, Parent: 1320)
  • Default (PID: 6357, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6358, Parent: 1320)
  • Default (PID: 6358, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6359, Parent: 1320)
  • Default (PID: 6359, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6365, Parent: 1)
  • gpu-manager (PID: 6365, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6366, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6367, Parent: 6366)
      • grep (PID: 6367, Parent: 6366, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6368, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6370, Parent: 6368)
      • grep (PID: 6370, Parent: 6368, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6371, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6373, Parent: 6371)
      • grep (PID: 6373, Parent: 6371, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6374, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6375, Parent: 6374)
      • grep (PID: 6375, Parent: 6374, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6377, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6378, Parent: 6377)
      • grep (PID: 6378, Parent: 6377, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6380, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6381, Parent: 6380)
      • grep (PID: 6381, Parent: 6380, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6384, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6385, Parent: 6384)
      • grep (PID: 6385, Parent: 6384, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6386, Parent: 6365, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6387, Parent: 6386)
      • grep (PID: 6387, Parent: 6386, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6369, Parent: 1)
  • systemd New Fork (PID: 6372, Parent: 1)
  • systemd New Fork (PID: 6376, Parent: 1)
  • systemd New Fork (PID: 6379, Parent: 1)
  • systemd New Fork (PID: 6382, Parent: 1)
  • systemd New Fork (PID: 6388, Parent: 1)
  • generate-config (PID: 6388, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6389, Parent: 6388, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6390, Parent: 1)
  • gdm-wait-for-drm (PID: 6390, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • gdm3 (PID: 6391, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • fusermount (PID: 6418, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • gpu-manager (PID: 6426, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6438, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6448, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6458, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6468, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • plymouth (PID: 6478, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, Rule: JoeSecurity_Mirai_5, Description: Yara detected Mirai, Author: Joe Security
Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_ea92cca8, Description: unknown, Author: unknown
        • 0x13a24:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
        No Suricata rule has matched

        AV Detection

        Source: xd.mips.elf, Virustotal: Detection: 39%
        Source: xd.mips.elf, ReversingLabs: Detection: 44%
        Source: /usr/bin/pulseaudio (PID: 6354), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 6389), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: global traffic, TCP traffic: 192.168.2.23:60526 -> 213.209.129.92:7887
        Source: global traffic, HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 | Host: daisy.ubuntu.com | Accept: */* | Content-Type: application/octet-stream | X-Whoopsie-Version: 0.2.69ubuntu0.3 | Content-Length: 164887 | Expect: 100-continue
        Source: /tmp/xd.mips.elf (PID: 6243), Socket: 0.0.0.0:23
        Source: /tmp/xd.mips.elf (PID: 6243), Socket: 0.0.0.0:0
        Source: /tmp/xd.mips.elf (PID: 6243), Socket: 0.0.0.0:80
        Source: /tmp/xd.mips.elf (PID: 6243), Socket: 0.0.0.0:81
        Source: /tmp/xd.mips.elf (PID: 6243), Socket: 0.0.0.0:8443
        Source: /tmp/xd.mips.elf (PID: 6243), Socket: 0.0.0.0:9009
        Source: unknown, TCP traffic detected without corresponding DNS query
        Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
        Source: unknown, HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 | Host: daisy.ubuntu.com | Accept: */* | Content-Type: application/octet-stream | X-Whoopsie-Version: 0.2.69ubuntu0.3 | Content-Length: 164887 | Expect: 100-continue
        Source: xd.mips.elf, String found in binary or memory: http://upx.sf.net
        Source: unknown, Network traffic detected: HTTP traffic on port 53068 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 53068
        Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

        System Summary

        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: Process Memory Space: xd.mips.elf PID: 6241, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6241, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6244, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6244, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6246, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6246, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6249, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6249, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6257, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6257, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6259, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mips.elf PID: 6259, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 936, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 491, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 658, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 720, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 721, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 759, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 761, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 772, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 774, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 777, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 785, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 793, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 797, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 1334, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 1335, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 1344, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 1860, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 1872, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 1886, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 2009, result: no such process
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 2048, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 6074, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 6226, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 6227, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 6351, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 6354, result: successful
        Source: /tmp/xd.mips.elf (PID: 6243), SIGKILL sent: pid: 6391, result: successful
        Source: /tmp/xd.mips.elf (PID: 6246), SIGKILL sent: pid: -6246, result: unknown
        Source: LOAD without section mappings, Program segment: 0x100000
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: Process Memory Space: xd.mips.elf PID: 6241, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6241, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6244, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6244, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6246, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6246, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6249, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6249, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6257, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6257, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mips.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engine. Classification label: mal96.spre.troj.evad.linELF@0/16@3/0

        Data Obfuscation

        Source: initial sample. String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sample. String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

        Persistence and Installation Behavior

        Source: /bin/fusermount (PID: 6418) File: /proc/6418/mounts
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6197/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6034/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4450/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1582/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2033/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/3088/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/670/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2746/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/793/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1579/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1612/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/674/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/796/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/796/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/675/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1532/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1576/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2302/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/676/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/797/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/677/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/799/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/799/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/910/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/912/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/912/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/759/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/517/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4447/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4448/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2749/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4449/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2307/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/918/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/918/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1594/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2285/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2281/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6480/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1349/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/761/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/884/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/884/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1389/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2038/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/720/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1465/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1586/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/721/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1463/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/800/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/800/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4499/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/801/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/801/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/847/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/847/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6254/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6255/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/3021/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/491/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2294/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/772/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2128/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1599/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/774/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1477/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/654/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/896/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1476/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/655/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1475/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2289/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/777/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/656/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2761/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2882/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/657/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/658/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4501/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/936/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/419/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4504/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2208/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2180/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6263/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6262/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/6188/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1494/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1601/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/420/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2018/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1489/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/785/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/2014/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/1320/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/667/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/788/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/788/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/789/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/789/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/4510/exe
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/904/fd
        Source: /tmp/xd.mips.elf (PID: 6243) File opened: /proc/904/exe
        Source: /usr/bin/gpu-manager (PID: 6366) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6368) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6371) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6374) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6377) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6380) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6384) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6386) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /bin/sh (PID: 6367) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6370) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 6373) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6375) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 6378) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6381) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 6385) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6387) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /usr/share/gdm/generate-config (PID: 6389)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-serviceJump to behavior
        Source: /usr/sbin/gdm3 (PID: 6391)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
        Source: /usr/sbin/gdm3 (PID: 6391)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6365)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6426)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6438)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6448)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6458)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6468)Log file created: /var/log/gpu-manager.logJump to dropped file

        Hooking and other Techniques for Hiding and Protection

        Source: /tmp/xd.mips.elf (PID: 6243) File: /usr/lib/systemd/systemd
        Source: /tmp/xd.mips.elf (PID: 6243) File: /usr/lib/systemd/systemd (deleted)
        Source: /tmp/xd.mips.elf (PID: 6243) File: /usr/bin/pulseaudio
        Source: /tmp/xd.mips.elf (PID: 6243) File: /usr/sbin/gdm3
        Source: xd.mips.elf Submission file: segment LOAD with 7.9033 entropy (max. 8.0)
        Source: /usr/bin/gpu-manager (PID: 6365) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6426) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6438) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6448) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6458) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6468) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/pulseaudio (PID: 6354) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 6389) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /tmp/xd.mips.elf (PID: 6241) Queries kernel information via 'uname'
        Source: /usr/bin/pulseaudio (PID: 6354) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6365) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6426) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6438) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6448) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6458) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6468) Queries kernel information via 'uname'
        Source: xd.mips.elf, 6241.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6244.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6246.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6249.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6257.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6259.1.000055aa82222000.000055aa822a9000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mips
        Source: xd.mips.elf, 6241.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6244.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6246.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6249.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6257.1.000055aa82222000.000055aa822a9000.rw-.sdmp, xd.mips.elf, 6259.1.000055aa82222000.000055aa822a9000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
        Source: xd.mips.elf, 6241.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6244.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6246.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6249.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6257.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6259.1.00007ffd30723000.00007ffd30744000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/xd.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.mips.elf
        Source: xd.mips.elf, 6241.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6244.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6246.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6249.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6257.1.00007ffd30723000.00007ffd30744000.rw-.sdmp, xd.mips.elf, 6259.1.00007ffd30723000.00007ffd30744000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips

        Stealing of Sensitive Information

        Source: Yara match File source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6241, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6244, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6246, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6249, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6257, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6259, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 6246.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6257.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6259.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6244.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6249.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6241.1.00007f2e5c400000.00007f2e5c415000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6241, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6244, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6246, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6249, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6257, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mips.elf PID: 6259, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Obfuscated Files or Information | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Indicator Removal | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        No configs have been found
        [Behavior graph. Behavior Graph ID: 1655032, Sample: xd.mips.elf, Startdate: 02/04/2025, Architecture: LINUX, Score: 96]
        Source | Detection | Scanner | Label
        xd.mips.elf | 39% | Virustotal |
        xd.mips.elf | 44% | ReversingLabs | Linux.Trojan.Mirai
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches


        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        daisy.ubuntu.com | 162.213.35.24 | true | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e | false | | high

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://upx.sf.net | xd.mips.elf | false | | high
                                                      • 23.51.57.57
                                                      https://www.notion.so/1c85839ca3918049b295de37b1c532aaGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.51.57.57
                                                      xd.mpsl.elfGet hashmaliciousMiraiBrowse
                                                      • 110.159.121.16
                                                      Revised - Buncombe county government 2025 Handbook33469.docGet hashmaliciousUnknownBrowse
                                                      • 23.51.56.185
                                                      Message.emlGet hashmaliciousUnknownBrowse
                                                      • 23.51.57.215
                                                      https://acrobat.adobe.com/id/urn:aaid:sc:US:3b18b23b-dd60-40b3-bef3-3c70493b338aGet hashmaliciousUnknownBrowse
                                                      • 23.51.57.57
                                                      Invoice PSI-3101.msgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 23.51.56.185
                                                      KPN-INTERNEDSERVICESNLFantazy.m68k.elfGet hashmaliciousMiraiBrowse
                                                      • 213.130.168.100
                                                      nabarm.elfGet hashmaliciousUnknownBrowse
                                                      • 82.201.47.149
                                                      m68k.elfGet hashmaliciousMiraiBrowse
                                                      • 213.133.37.129
                                                      res.arm5.elfGet hashmaliciousUnknownBrowse
                                                      • 193.91.59.165
                                                      res.mips.elfGet hashmaliciousUnknownBrowse
                                                      • 193.91.59.158
                                                      boatnet.arm.elfGet hashmaliciousMirai, GafgytBrowse
                                                      • 213.133.37.165
                                                      arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                      • 213.133.37.167
                                                      nklsh4.elfGet hashmaliciousUnknownBrowse
                                                      • 193.91.59.178
                                                      nshsh4.elfGet hashmaliciousMiraiBrowse
                                                      • 213.133.37.123
                                                      loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                      • 213.130.186.180
                                                      No context
                                                      No context
                                                      Process:/usr/bin/pulseaudio
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):10
                                                      Entropy (8bit):2.9219280948873623
                                                      Encrypted:false
                                                      SSDEEP:3:5bkPn:pkP
                                                      MD5:FF001A15CE15CF062A3704CEA2991B5F
                                                      SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                                      SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                                      SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:auto_null.
                                                      Process:/usr/bin/pulseaudio
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):18
                                                      Entropy (8bit):3.4613201402110088
                                                      Encrypted:false
                                                      SSDEEP:3:5bkrIZsXvn:pkckv
                                                      MD5:28FE6435F34B3367707BB1C5D5F6B430
                                                      SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                                      SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                                      SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:auto_null.monitor.
                                                      Process:/usr/sbin/gdm3
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):5
                                                      Entropy (8bit):2.321928094887362
                                                      Encrypted:false
                                                      SSDEEP:3:X2:G
                                                      MD5:C6733A10A907D115736253130FFC1E16
                                                      SHA1:4894C014175828BF6AC22FA3EFA33CFDD3905436
                                                      SHA-256:6090476896F07F4B60F5CB387CD33A06A2BD5A60E597618A817AA51C7865F9C1
                                                      SHA-512:C4D174E5E837EF62A2EDC53DFC0079815A0B97A267CABAB40B6D3BA86CAD2AA58D6CDF53DD6F9DA47405B83C1D0BEC6AF6A67269C1B8D5F4572CDD1B3E54479A
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:6391.
                                                      Process:/usr/bin/pulseaudio
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):5
                                                      Entropy (8bit):2.321928094887362
                                                      Encrypted:false
                                                      SSDEEP:3:bJn:ln
                                                      MD5:CA784DEF220BBE896ADAA8AEB77DD167
                                                      SHA1:5ABA13B73A989708B0F8672D9E5F126F763969EB
                                                      SHA-256:1E8E9D144C8FDB15B92D37E4910B9B11B8786F7657CF1004F609BA3991A2093D
                                                      SHA-512:B915AC509EE80D5B777EC1F4DAE0F039173E3521EC93543A2F1811C4A34423F667DF657155B1310E621C7A432D84D0656D475CA932E59A4B43F357DDD268B3F0
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:6354.
                                                      Process:/usr/bin/gpu-manager
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):25
                                                      Entropy (8bit):2.7550849518197795
                                                      Encrypted:false
                                                      SSDEEP:3:JoT/V9fDVbn:M/V3n
                                                      MD5:078760523943E160756979906B85FB5E
                                                      SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
                                                      SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
                                                      SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:15ad:0405;0000:00:0f:0;1.
                                                      Process:/usr/bin/gpu-manager
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):1371
                                                      Entropy (8bit):4.8296848499188485
                                                      Encrypted:false
                                                      SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
                                                      MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
                                                      SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
                                                      SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
                                                      SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
                                                      File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
                                                      Entropy (8bit):7.899818688272102
                                                      TrID:
                                                      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                      File name:xd.mips.elf
                                                      File size:30'960 bytes
                                                      MD5:342e23bbcc7b5b70d43f0335323dc82d
                                                      SHA1:ac3c550c5555caa170381bbee534394c2ea1d776
                                                      SHA256:c5bd0777ae7e457a3d40dd6fa5d604cc93ca845389dc5e732fd1c7591eb04d15
                                                      SHA512:637f3efcd41610d7c4bc544fdd0f064bffdce9bade6041a589def88b1a1f2b2af8c6152caec187b92b99063b08680799c797b4623f9c71771fa725a980ccfe22
                                                      SSDEEP:768:ih1AbbA5cYnQttg2C39wYt/I6wOYnJgGlzDpbuR1J1:ILvQtZlYtG7lVJuf
                                                      TLSH:61D2E19A1B0049AED45684F76AF082453A6046736CD0ADD7BD0EF6A7DB293E074F79C0
                                                      File Content Preview:.ELF......................dx...4.........4. ...(......................w...w...............[X.E[X.E[X....................UPX!.h........X...X........U.......?.E.h4...@b..) ..]....E......Rfp.EPD0@..n..y..O1..V.c..P...P..kG*..c.:..;.7.q:.$.P..N...`...........

                                                      ELF header

                                                      Class:ELF32
                                                      Data:2's complement, big endian
                                                      Version:1 (current)
                                                      Machine:MIPS R3000
                                                      Version Number:0x1
                                                      Type:EXEC (Executable file)
                                                      OS/ABI:UNIX - System V
                                                      ABI Version:0
                                                      Entry Point Address:0x106478
                                                      Flags:0x1007
                                                      ELF Header Size:52
                                                      Program Header Offset:52
                                                      Program Header Size:32
                                                      Number of Program Headers:2
                                                      Section Header Offset:0
                                                      Section Header Size:40
                                                      Number of Section Headers:0
                                                      Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x100000 | 0x100000 | 0x77bc | 0x77bc | 7.9033 | 0x5 | R E | 0x10000 | |
LOAD | 0x5b58 | 0x455b58 | 0x455b58 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | |


                                                      • Total Packets: 202
                                                      • 7887 undefined
                                                      • 443 (HTTPS)
                                                      • 80 (HTTP)
                                                      • 53 (DNS)
                                                      • 23 (Telnet)
                                                      Apr 2, 2025 21:58:21.815068960 CEST1171123192.168.2.23163.187.108.187
                                                      Apr 2, 2025 21:58:21.815074921 CEST1171123192.168.2.23185.83.17.239
                                                      Apr 2, 2025 21:58:21.815080881 CEST1171123192.168.2.23154.13.177.194
                                                      Apr 2, 2025 21:58:21.815119982 CEST1171123192.168.2.2372.243.88.50
                                                      Apr 2, 2025 21:58:21.815121889 CEST1171123192.168.2.2377.93.31.221
                                                      Apr 2, 2025 21:58:21.815139055 CEST1171123192.168.2.23159.113.142.128
                                                      Apr 2, 2025 21:58:21.815140009 CEST1171123192.168.2.23182.52.45.206
                                                      Apr 2, 2025 21:58:21.815139055 CEST1171123192.168.2.23154.1.62.160
                                                      Apr 2, 2025 21:58:21.815150976 CEST1171123192.168.2.2392.28.75.56
                                                      Apr 2, 2025 21:58:21.815171957 CEST1171123192.168.2.2339.40.31.152
                                                      Apr 2, 2025 21:58:21.815176010 CEST1171123192.168.2.2323.86.35.18
                                                      Apr 2, 2025 21:58:21.815190077 CEST1171123192.168.2.2347.6.234.127
                                                      Apr 2, 2025 21:58:21.815190077 CEST1171123192.168.2.2370.89.149.56
                                                      Apr 2, 2025 21:58:21.815195084 CEST1171123192.168.2.23142.92.161.124
                                                      Apr 2, 2025 21:58:21.815217018 CEST1171123192.168.2.23241.31.45.231
                                                      Apr 2, 2025 21:58:21.815217018 CEST1171123192.168.2.2313.0.166.226
                                                      Apr 2, 2025 21:58:21.815217972 CEST1171123192.168.2.23176.136.254.52
                                                      Apr 2, 2025 21:58:21.815221071 CEST1171123192.168.2.2369.107.250.149
                                                      Apr 2, 2025 21:58:21.815222979 CEST1171123192.168.2.23114.91.84.233
                                                      Apr 2, 2025 21:58:21.815232992 CEST1171123192.168.2.23255.19.103.101
                                                      Apr 2, 2025 21:58:21.815233946 CEST1171123192.168.2.2387.51.83.17
                                                      Apr 2, 2025 21:58:21.815251112 CEST1171123192.168.2.2340.53.69.94
                                                      Apr 2, 2025 21:58:21.815252066 CEST1171123192.168.2.23146.59.188.32
                                                      Apr 2, 2025 21:58:21.815268040 CEST1171123192.168.2.2342.109.233.62
                                                      Apr 2, 2025 21:58:21.815280914 CEST1171123192.168.2.23219.59.187.253
                                                      Apr 2, 2025 21:58:21.815296888 CEST1171123192.168.2.2324.127.115.50
                                                      Apr 2, 2025 21:58:21.815346003 CEST1171123192.168.2.23249.44.129.65
                                                      Apr 2, 2025 21:58:21.815346956 CEST1171123192.168.2.23167.245.3.153
                                                      Apr 2, 2025 21:58:21.815359116 CEST1171123192.168.2.23161.229.100.105
                                                      Apr 2, 2025 21:58:21.815380096 CEST1171123192.168.2.23172.37.179.209
                                                      Apr 2, 2025 21:58:21.815381050 CEST1171123192.168.2.2342.142.170.20
                                                      Apr 2, 2025 21:58:21.815413952 CEST1171123192.168.2.2371.101.46.39
                                                      Apr 2, 2025 21:58:21.815440893 CEST1171123192.168.2.23124.183.73.109
                                                      Apr 2, 2025 21:58:21.815440893 CEST1171123192.168.2.23181.231.211.118
                                                      Apr 2, 2025 21:58:21.815444946 CEST1171123192.168.2.23206.206.164.160
                                                      Apr 2, 2025 21:58:21.815444946 CEST1171123192.168.2.23102.55.170.147
                                                      Apr 2, 2025 21:58:21.815494061 CEST1171123192.168.2.2399.218.242.172
                                                      Apr 2, 2025 21:58:22.020771027 CEST788760526213.209.129.92192.168.2.23
                                                      Apr 2, 2025 21:58:22.020899057 CEST605267887192.168.2.23213.209.129.92
                                                      Apr 2, 2025 21:58:22.481882095 CEST605267887192.168.2.23213.209.129.92
                                                      Apr 2, 2025 21:58:22.706264973 CEST788760526213.209.129.92192.168.2.23
                                                      Apr 2, 2025 21:58:22.706351042 CEST605267887192.168.2.23213.209.129.92
                                                      Apr 2, 2025 21:58:24.187520027 CEST42836443192.168.2.2391.189.91.43
                                                      Apr 2, 2025 21:58:24.955075979 CEST4251680192.168.2.23109.202.202.202
                                                      Apr 2, 2025 21:58:39.033145905 CEST43928443192.168.2.2391.189.91.42
                                                      Apr 2, 2025 21:58:46.261703968 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:46.261816978 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:46.261883974 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.536869049 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.536899090 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.779268980 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.779361963 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.779633999 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.779640913 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.779922962 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.779933929 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.780025005 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.780070066 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.780078888 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.780117035 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.780493975 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.824271917 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.976808071 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.976871014 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.976957083 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.976957083 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.976983070 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.976994991 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977026939 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977026939 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977036953 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977051020 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977070093 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977083921 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977092028 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977099895 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977113008 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977116108 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977139950 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977159023 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977247000 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977308989 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977319002 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977343082 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977343082 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977371931 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977615118 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977678061 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977686882 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977704048 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977713108 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977729082 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977729082 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977735996 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977750063 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977757931 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977775097 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977775097 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977777004 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977793932 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977793932 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977797031 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:47.977813959 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:47.977814913 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:48.020288944 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:48.406717062 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:48.406797886 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:48.406810045 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:48.406853914 CEST53068443192.168.2.23162.213.35.25
                                                      Apr 2, 2025 21:58:48.406860113 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:48.406887054 CEST44353068162.213.35.25192.168.2.23
                                                      Apr 2, 2025 21:58:51.319436073 CEST42836443192.168.2.2391.189.91.43
                                                      Apr 2, 2025 21:58:55.414942980 CEST4251680192.168.2.23109.202.202.202
                                                      Apr 2, 2025 21:59:19.987790108 CEST43928443192.168.2.2391.189.91.42
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 2, 2025 21:58:45.996922970 CEST | 50022 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 21:58:45.996973991 CEST | 41225 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 21:58:46.102761030 CEST | 53 | 41225 | 1.1.1.1 | 192.168.2.23
Apr 2, 2025 21:58:46.111608028 CEST | 53 | 50022 | 1.1.1.1 | 192.168.2.23
Apr 2, 2025 21:58:46.155656099 CEST | 34963 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 21:58:46.256572008 CEST | 53 | 34963 | 1.1.1.1 | 192.168.2.23
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 2, 2025 21:58:48.340548992 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
Apr 2, 2025 22:00:08.358928919 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 2, 2025 21:58:45.996922970 CEST | 192.168.2.23 | 1.1.1.1 | 0xa135 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Apr 2, 2025 21:58:45.996973991 CEST | 192.168.2.23 | 1.1.1.1 | 0xf154 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
Apr 2, 2025 21:58:46.155656099 CEST | 192.168.2.23 | 1.1.1.1 | 0x27bc | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 2, 2025 21:58:46.111608028 CEST | 1.1.1.1 | 192.168.2.23 | 0xa135 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Apr 2, 2025 21:58:46.111608028 CEST | 1.1.1.1 | 192.168.2.23 | 0xa135 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false
                                                      • daisy.ubuntu.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.23 | 53068 | 162.213.35.25 | 443
Timestamp | Bytes transferred | Direction | Data
2025-04-02 19:58:47 UTC | 307 | OUT | POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
Host: daisy.ubuntu.com
Accept: */*
Content-Type: application/octet-stream
X-Whoopsie-Version: 0.2.69ubuntu0.3
Content-Length: 164887
Expect: 100-continue
2025-04-02 19:58:47 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-04-02 19:58:48 UTC | 279 | IN | HTTP/1.1 400 Bad Request
Date: Wed, 02 Apr 2025 19:58:48 GMT
Server: gunicorn/19.7.1
X-Daisy-Revision-Number: 979
X-Oops-Repository-Version: 0.0.0
Strict-Transport-Security: max-age=2592000
Connection: close
Transfer-Encoding: chunked
17
Crash already reported.
0


System Behavior

Start time (UTC): 19:58:20
Start date (UTC): 02/04/2025
Path: /tmp/xd.mips.elf
Arguments: /tmp/xd.mips.elf
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

Start time (UTC): 19:58:20
Start date (UTC): 02/04/2025
Path: /tmp/xd.mips.elf
Arguments: -
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

Start time (UTC): 19:58:20
Start date (UTC): 02/04/2025
Path: /tmp/xd.mips.elf
Arguments: -
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

Start time (UTC): 19:58:20
Start date (UTC): 02/04/2025
Path: /tmp/xd.mips.elf
Arguments: -
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

Start time (UTC): 19:58:20
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.mips.elf
                                                      Arguments:-
                                                      File size:5777432 bytes
                                                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                                                      Start time (UTC):19:58:20
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.mips.elf
                                                      Arguments:-
                                                      File size:5777432 bytes
                                                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                                                      Start time (UTC):19:58:20
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.mips.elf
                                                      Arguments:-
                                                      File size:5777432 bytes
                                                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                                                      Start time (UTC):19:58:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/journalctl
                                                      Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                      File size:80120 bytes
                                                      MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                      Start time (UTC):19:58:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:33
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:33
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:33
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/pulseaudio
                                                      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                      File size:100832 bytes
                                                      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:-
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/etc/gdm3/PrimeOff/Default
                                                      Arguments:/etc/gdm3/PrimeOff/Default
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:-
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/etc/gdm3/PrimeOff/Default
                                                      Arguments:/etc/gdm3/PrimeOff/Default
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:-
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):19:58:44
                                                      Start date (UTC):02/04/2025
                                                      Path:/etc/gdm3/PrimeOff/Default
                                                      Arguments:/etc/gdm3/PrimeOff/Default
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:45
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:45
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:45
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:45
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:45
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:45
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:48
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:48
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/share/gdm/generate-config
                                                      Arguments:/usr/share/gdm/generate-config
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:48
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/share/gdm/generate-config
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):19:58:48
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/pkill
                                                      Arguments:pkill --signal HUP --uid gdm dconf-service
                                                      File size:30968 bytes
                                                      MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                      Start time (UTC):19:58:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:58:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/gdm3/gdm-wait-for-drm
                                                      Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                                      File size:14640 bytes
                                                      MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:/usr/sbin/gdm3
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:17
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/libexec/gvfsd-fuse
                                                      Arguments:-
                                                      File size:47632 bytes
                                                      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                      Start time (UTC):19:59:17
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/fusermount
                                                      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                      File size:39144 bytes
                                                      MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                      Start time (UTC):19:59:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:53
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:54
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:55
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:56
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:56
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:56
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):19:59:59
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:00:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:00:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/plymouth
                                                      Arguments:/bin/plymouth quit
                                                      File size:51352 bytes
                                                      MD5 hash:87003efd8dad470042f5e75360a8f49f

                                                      Start time (UTC):20:00:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75