Linux Analysis Report
xd.m68k.elf

Overview

General Information

Sample name: xd.m68k.elf
Analysis ID: 1655043
MD5: cb58ee51514fc861df5da86ab6679e08
SHA1: 5eaf222deaac3217c66a3775b5562b75c810edb4
SHA256: 40d60e1003f2d54ce4eb5452486547f86804bdf18018bd5942dd6c5035585130
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 92
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1655043
Start date and time: 2025-04-02 22:12:30 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: xd.m68k.elf
Detection: MAL
Classification: mal92.spre.troj.evad.linELF@0/16@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • system is lnxubuntu20
  • systemd New Fork (PID: 6254, Parent: 1)
  • journalctl (PID: 6254, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6270, Parent: 1)
  • systemd New Fork (PID: 6274, Parent: 1)
  • systemd New Fork (PID: 6276, Parent: 1)
  • systemd New Fork (PID: 6278, Parent: 1)
  • systemd New Fork (PID: 6279, Parent: 1)
  • systemd New Fork (PID: 6318, Parent: 1)
  • systemd New Fork (PID: 6326, Parent: 1)
  • systemd New Fork (PID: 6327, Parent: 1)
  • systemd New Fork (PID: 6328, Parent: 1)
  • systemd New Fork (PID: 6329, Parent: 1)
  • systemd New Fork (PID: 6335, Parent: 1)
  • systemd New Fork (PID: 6337, Parent: 1860)
  • pulseaudio (PID: 6337, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 6339, Parent: 1320)
  • Default (PID: 6339, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6340, Parent: 1)
  • gdm3 New Fork (PID: 6342, Parent: 1320)
  • Default (PID: 6342, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6343, Parent: 1320)
  • Default (PID: 6343, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6344, Parent: 1)
  • systemd New Fork (PID: 6345, Parent: 1)
  • systemd New Fork (PID: 6347, Parent: 1)
  • systemd New Fork (PID: 6349, Parent: 1)
  • gpu-manager (PID: 6349, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6350, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6351, Parent: 6350)
      • grep (PID: 6351, Parent: 6350, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6352, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6354, Parent: 6352)
      • grep (PID: 6354, Parent: 6352, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6355, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6356, Parent: 6355)
      • grep (PID: 6356, Parent: 6355, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6357, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6358, Parent: 6357)
      • grep (PID: 6358, Parent: 6357, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6359, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6360, Parent: 6359)
      • grep (PID: 6360, Parent: 6359, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6361, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6362, Parent: 6361)
      • grep (PID: 6362, Parent: 6361, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6363, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6364, Parent: 6363)
      • grep (PID: 6364, Parent: 6363, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6365, Parent: 6349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6366, Parent: 6365)
      • grep (PID: 6366, Parent: 6365, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6368, Parent: 1)
  • generate-config (PID: 6368, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6384, Parent: 6368, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6385, Parent: 1)
  • systemd New Fork (PID: 6390, Parent: 1)
  • gdm-wait-for-drm (PID: 6390, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • gdm3 (PID: 6391, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • dash New Fork (PID: 6410, Parent: 4331)
  • rm (PID: 6410, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.DoGmkhIjL8 /tmp/tmp.absXHfGxPy /tmp/tmp.70h2CaxMMY
  • dash New Fork (PID: 6411, Parent: 4331)
  • rm (PID: 6411, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.DoGmkhIjL8 /tmp/tmp.absXHfGxPy /tmp/tmp.70h2CaxMMY
  • fusermount (PID: 6429, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • gpu-manager (PID: 6437, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6449, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6459, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6469, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6479, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • plymouth (PID: 6489, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
xd.m68k.elf | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
xd.m68k.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
xd.m68k.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
xd.m68k.elf | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
      • 0xf252:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source | Rule | Description | Author | Strings
6237.1.00007f2974001000.00007f2974012000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
6237.1.00007f2974001000.00007f2974012000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
6237.1.00007f2974001000.00007f2974012000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
6237.1.00007f2974001000.00007f2974012000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
          • 0xf252:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6233.1.00007f2974001000.00007f2974012000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security

No Suricata rule has matched

AV Detection

Source: xd.m68k.elf | Avira: detected
Source: xd.m68k.elf | ReversingLabs: Detection: 63%
Source: xd.m68k.elf | Virustotal: Detection: 62%
Source: /usr/bin/pulseaudio (PID: 6337) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6384) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: global traffic | TCP traffic: 192.168.2.23:60532 -> 213.209.129.92:7887
Source: global traffic | HTTP traffic detected:
    POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
    Host: daisy.ubuntu.com
    Accept: */*
    Content-Type: application/octet-stream
    X-Whoopsie-Version: 0.2.69ubuntu0.3
    Content-Length: 164887
    Expect: 100-continue
Source: /tmp/xd.m68k.elf (PID: 6231) | Socket: 0.0.0.0:23
Source: /tmp/xd.m68k.elf (PID: 6231) | Socket: 0.0.0.0:0
Source: /tmp/xd.m68k.elf (PID: 6231) | Socket: 0.0.0.0:80
Source: /tmp/xd.m68k.elf (PID: 6231) | Socket: 0.0.0.0:81
Source: /tmp/xd.m68k.elf (PID: 6231) | Socket: 0.0.0.0:8443
Source: /tmp/xd.m68k.elf (PID: 6231) | Socket: 0.0.0.0:9009
Source: unknown | TCP traffic detected without corresponding DNS query
Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com
Source: unknown | HTTP traffic detected:
    POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
    Host: daisy.ubuntu.com
    Accept: */*
    Content-Type: application/octet-stream
    X-Whoopsie-Version: 0.2.69ubuntu0.3
    Content-Length: 164887
    Expect: 100-continue
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33606
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 33606 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 37608 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37608
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: xd.m68k.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: xd.m68k.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6237.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6237.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6233.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6233.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6238.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6238.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6228.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6228.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6241.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6241.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6235.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6235.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6228, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6228, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6233, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6233, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6235, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6235, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6237, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6237, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6238, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6238, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6241, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.m68k.elf PID: 6241, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 491, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 658, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 720, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 721, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 759, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 761, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 772, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 774, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 777, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 785, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 788, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 789, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 793, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 797, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 1334, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 1335, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 1344, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 1860, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 1872, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 1886, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 2048, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 6054, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 6212, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 6213, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 6330, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 6337, result: successful
Source: /tmp/xd.m68k.elf (PID: 6231) | SIGKILL sent: pid: 6391, result: successful
Source: /tmp/xd.m68k.elf (PID: 6235) | SIGKILL sent: pid: -6235, result: unknown
Source: ELF static info symbol of initial sample | .symtab present: no
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 936, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 491, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 658, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 720, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 721, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 759, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 761, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 772, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 774, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 777, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 785, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 788, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 789, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 793, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 797, result: successful
            Source: /tmp/xd.m68k.elf (PID: 6231) SIGKILL sent: pid: 1334, result: successful
            Source: xd.m68k.elf, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: xd.m68k.elf, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: 6237.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: 6237.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: 6233.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: 6233.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: 6238.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: 6238.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: 6228.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: 6228.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: 6241.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: 6241.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: 6235.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: 6235.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6228, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6228, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6233, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6233, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6235, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6235, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6237, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6237, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6238, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6238, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6241, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
            Source: Process Memory Space: xd.m68k.elf PID: 6241, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
            Source: classification engine; Classification label: mal92.spre.troj.evad.linELF@0/16@3/0

            Persistence and Installation Behavior

            Source: /bin/fusermount (PID: 6429) File: /proc/6429/mounts
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6231/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6231/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/3088/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/3088/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/230/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/230/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/110/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/110/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/231/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/231/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/111/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/111/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/232/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/232/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/112/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/112/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/233/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/233/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/113/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/113/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/234/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/234/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1335/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1335/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/114/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/114/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/235/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/235/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1334/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1334/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/2302/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/2302/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/115/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/115/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/236/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/236/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/116/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/116/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/237/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/237/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/117/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/117/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/118/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/118/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/910/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/910/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/119/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/119/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/10/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/10/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/2307/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/2307/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/11/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/11/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/12/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/12/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/13/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/13/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/14/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/14/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6242/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6242/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/15/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/15/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6245/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6245/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/16/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/16/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/17/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/17/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6368/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6368/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/18/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/18/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6246/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6246/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6367/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/6367/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/120/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/120/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/121/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/121/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/122/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/122/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/243/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/243/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/123/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/123/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/2/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/2/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/124/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/124/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/3/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/3/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/4/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/4/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/125/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/125/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/126/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/126/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1344/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/1344/cmdline
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/248/status
            Source: /usr/bin/pkill (PID: 6384) File opened: /proc/248/cmdline
            Source: /usr/bin/gpu-manager (PID: 6350) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6352) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6355) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6357) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6359) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6361) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6363) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
            Source: /usr/bin/gpu-manager (PID: 6365) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
            Source: /bin/sh (PID: 6351) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            Source: /bin/sh (PID: 6354) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            Source: /bin/sh (PID: 6356) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            Source: /bin/sh (PID: 6358) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            Source: /bin/sh (PID: 6360) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            Source: /bin/sh (PID: 6362) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            Source: /bin/sh (PID: 6364) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
            Source: /bin/sh (PID: 6366) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
            Source: /usr/share/gdm/generate-config (PID: 6384) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
            Source: /usr/bin/dash (PID: 6410) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.DoGmkhIjL8 /tmp/tmp.absXHfGxPy /tmp/tmp.70h2CaxMMY
            Source: /usr/bin/dash (PID: 6411) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.DoGmkhIjL8 /tmp/tmp.absXHfGxPy /tmp/tmp.70h2CaxMMY
            Source: /usr/sbin/gdm3 (PID: 6391) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
            Source: /usr/sbin/gdm3 (PID: 6391) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
            Source: /usr/bin/gpu-manager (PID: 6349) Log file created: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6437) Log file created: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6449) Log file created: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6459) Log file created: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6469) Log file created: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6479) Log file created: /var/log/gpu-manager.log

            Hooking and other Techniques for Hiding and Protection

            Source: /tmp/xd.m68k.elf (PID: 6231) File: /usr/lib/systemd/systemd
            Source: /tmp/xd.m68k.elf (PID: 6231) File: /usr/lib/systemd/systemd (deleted)
            Source: /tmp/xd.m68k.elf (PID: 6231) File: /usr/bin/dash
            Source: /tmp/xd.m68k.elf (PID: 6231) File: /usr/bin/pulseaudio
            Source: /tmp/xd.m68k.elf (PID: 6231) File: /usr/sbin/gdm3
            Source: /usr/bin/gpu-manager (PID: 6349) Truncated file: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6437) Truncated file: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6449) Truncated file: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6459) Truncated file: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6469) Truncated file: /var/log/gpu-manager.log
            Source: /usr/bin/gpu-manager (PID: 6479) Truncated file: /var/log/gpu-manager.log
            Source: /usr/bin/pulseaudio (PID: 6337) Reads CPU info from /sys: /sys/devices/system/cpu/online
            Source: /usr/bin/pkill (PID: 6384) Reads CPU info from /sys: /sys/devices/system/cpu/online
            Source: /tmp/xd.m68k.elf (PID: 6228) Queries kernel information via 'uname'
            Source: /usr/bin/pulseaudio (PID: 6337) Queries kernel information via 'uname'
            Source: /usr/bin/gpu-manager (PID: 6349) Queries kernel information via 'uname'
            Source: /usr/bin/gpu-manager (PID: 6437) Queries kernel information via 'uname'
            Source: /usr/bin/gpu-manager (PID: 6449) Queries kernel information via 'uname'
            Source: /usr/bin/gpu-manager (PID: 6459) Queries kernel information via 'uname'
            Source: /usr/bin/gpu-manager (PID: 6469) Queries kernel information via 'uname'
            Source: /usr/bin/gpu-manager (PID: 6479) Queries kernel information via 'uname'
            Source: xd.m68k.elf, 6228.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6233.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6235.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6237.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6238.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6241.1.000055ffa1001000.000055ffa1086000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/m68k
            Source: xd.m68k.elf, 6228.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6233.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6235.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6237.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6238.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6241.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
            Source: xd.m68k.elf, 6228.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6233.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6235.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6237.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6238.1.000055ffa1001000.000055ffa1086000.rw-.sdmp, xd.m68k.elf, 6241.1.000055ffa1001000.000055ffa1086000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k
            Source: xd.m68k.elf, 6228.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6233.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6235.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6237.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6238.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp, xd.m68k.elf, 6241.1.00007ffe0e2fd000.00007ffe0e31e000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/xd.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.m68k.elf

            Stealing of Sensitive Information

            Source: Yara match File source: xd.m68k.elf, type: SAMPLE
            Source: Yara match File source: 6237.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6233.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6238.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6228.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6241.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6235.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6228, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6233, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6235, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6237, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6238, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6241, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: xd.m68k.elf, type: SAMPLE
            Source: Yara match File source: 6237.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6233.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6238.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6228.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6241.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: 6235.1.00007f2974001000.00007f2974012000.r-x.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6228, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6233, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6235, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6237, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6238, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: xd.m68k.elf PID: 6241, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Indicator Removal | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
            No configs have been found
            [Behavior graph: ID 1655043, Sample: xd.m68k.elf, Startdate: 02/04/2025, Architecture: LINUX, Score: 92]
            Source | Detection | Scanner | Label | Link
            xd.m68k.elf | 64% | ReversingLabs | Linux.Backdoor.Mirai |
            xd.m68k.elf | 62% | Virustotal | | Browse
            xd.m68k.elf | 100% | Avira | LINUX/Mirai.bonb |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            daisy.ubuntu.com | 162.213.35.25 | true | false | | high

            Name | Malicious | Antivirus Detection | Reputation
            https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e | false | | high
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                        • 199.109.36.157
                                                        skid.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 199.110.246.78
                                                        log21.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 137.238.255.251
                                                        skid.arm7-20220823-1147Get hashmaliciousMirai, MoobotBrowse
                                                        • 199.109.36.101
                                                        cutie.arm7Get hashmaliciousMiraiBrowse
                                                        • 137.238.255.228
                                                        No context
                                                        No context
                                                        Process:/usr/bin/pulseaudio
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):10
                                                        Entropy (8bit):2.9219280948873623
                                                        Encrypted:false
                                                        SSDEEP:3:5bkPn:pkP
                                                        MD5:FF001A15CE15CF062A3704CEA2991B5F
                                                        SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                                        SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                                        SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:auto_null.

                                                        Process:/usr/bin/pulseaudio
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):18
                                                        Entropy (8bit):3.4613201402110088
                                                        Encrypted:false
                                                        SSDEEP:3:5bkrIZsXvn:pkckv
                                                        MD5:28FE6435F34B3367707BB1C5D5F6B430
                                                        SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                                        SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                                        SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:auto_null.monitor.

                                                        Process:/usr/sbin/gdm3
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):5
                                                        Entropy (8bit):2.321928094887362
                                                        Encrypted:false
                                                        SSDEEP:3:X2:G
                                                        MD5:C6733A10A907D115736253130FFC1E16
                                                        SHA1:4894C014175828BF6AC22FA3EFA33CFDD3905436
                                                        SHA-256:6090476896F07F4B60F5CB387CD33A06A2BD5A60E597618A817AA51C7865F9C1
                                                        SHA-512:C4D174E5E837EF62A2EDC53DFC0079815A0B97A267CABAB40B6D3BA86CAD2AA58D6CDF53DD6F9DA47405B83C1D0BEC6AF6A67269C1B8D5F4572CDD1B3E54479A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:6391.

                                                        Process:/usr/bin/pulseaudio
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):5
                                                        Entropy (8bit):1.9219280948873623
                                                        Encrypted:false
                                                        SSDEEP:3:dc:6
                                                        MD5:DFE615D838F1944C4D660444DBF9F951
                                                        SHA1:4692DA54296E87C0BF26C11962868EC77A33537F
                                                        SHA-256:7CD98B83C0690F4A87FDC21541949380FC5DAE8E7FD5685EE054E98517031CF8
                                                        SHA-512:5303A7BB92FEBFF51CDC486C3F6C4217E0FF1E9AC88DC315A49352B12271524BCD3C2A9EDA9465907EA827FBBFD454010F8F5C3B5CCF983E4F812B878C4851CF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:6337.

                                                        Process:/usr/bin/gpu-manager
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):25
                                                        Entropy (8bit):2.7550849518197795
                                                        Encrypted:false
                                                        SSDEEP:3:JoT/V9fDVbn:M/V3n
                                                        MD5:078760523943E160756979906B85FB5E
                                                        SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
                                                        SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
                                                        SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:15ad:0405;0000:00:0f:0;1.

                                                        Process:/usr/bin/gpu-manager
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):1371
                                                        Entropy (8bit):4.8296848499188485
                                                        Encrypted:false
                                                        SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
                                                        MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
                                                        SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
                                                        SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
                                                        SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

                                                        File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                                                        Entropy (8bit):6.411265216819995
                                                        TrID:
                                                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                        File name:xd.m68k.elf
                                                        File size:68'204 bytes
                                                        MD5:cb58ee51514fc861df5da86ab6679e08
                                                        SHA1:5eaf222deaac3217c66a3775b5562b75c810edb4
                                                        SHA256:40d60e1003f2d54ce4eb5452486547f86804bdf18018bd5942dd6c5035585130
                                                        SHA512:ff557d6d5c5e7ddbfa29d19f162dfac7b26c1465a3aff519e34a77f09d5fd035ebf0ecaaebf0ff5b66db8727581d90844012a76a12eedf38bfe3962ae55b9b87
                                                        SSDEEP:1536:MQwmDAhgRaHCQzvBInusFB2fWS7Y4Yg1p+uZw93Pb88V2rETCCfKA2tT:p7szvBI7B2fWb49p+SSDa6fF2tT
                                                        TLSH:3E634BE9F4019E7DF98BD5BAC0228E0ABC2162D051931B2773B7FDA37D72195E806C49
                                                        File Content Preview:.ELF.......................D...4.........4. ...(.......................t...t...... ........x..&x..&x...$... ...... .dt.Q............................NV..a....da.....N^NuNV..J9..(.f>"y..&. QJ.g.X.#...&.N."y..&. QJ.f.A.....J.g.Hy...tN.X.......(.N^NuNV..N^NuN

                                                        ELF header

                                                        Class:ELF32
                                                        Data:2's complement, big endian
                                                        Version:1 (current)
                                                        Machine:MC68000
                                                        Version Number:0x1
                                                        Type:EXEC (Executable file)
                                                        OS/ABI:UNIX - System V
                                                        ABI Version:0
                                                        Entry Point Address:0x80000144
                                                        Flags:0x0
                                                        ELF Header Size:52
                                                        Program Header Offset:52
                                                        Program Header Size:32
                                                        Number of Program Headers:3
                                                        Section Header Offset:67804
                                                        Section Header Size:40
                                                        Number of Section Headers:10
                                                        Header String Table Index:9
                                                        Name       Type      Address     Offset   Size    EntSize  Flags  Flags Description  Link  Info  Align
                                                                   NULL      0x0         0x0      0x0     0x0      0x0                       0     0     0
                                                        .init      PROGBITS  0x80000094  0x94     0x14    0x0      0x6    AX                 0     0     2
                                                        .text      PROGBITS  0x800000a8  0xa8     0xeeca  0x0      0x6    AX                 0     0     4
                                                        .fini      PROGBITS  0x8000ef72  0xef72   0xe     0x0      0x6    AX                 0     0     2
                                                        .rodata    PROGBITS  0x8000ef80  0xef80   0x16f4  0x0      0x2    A                  0     0     2
                                                        .ctors     PROGBITS  0x80012678  0x10678  0x8     0x0      0x3    WA                 0     0     4
                                                        .dtors     PROGBITS  0x80012680  0x10680  0x8     0x0      0x3    WA                 0     0     4
                                                        .data      PROGBITS  0x8001268c  0x1068c  0x210   0x0      0x3    WA                 0     0     4
                                                        .bss       NOBITS    0x8001289c  0x1089c  0x3fc   0x0      0x3    WA                 0     0     4
                                                        .shstrtab  STRTAB    0x0         0x1089c  0x3e    0x0      0x0                       0     0     1

                                                        Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
                                                        LOAD       0x0      0x80000000       0x80000000        0x10674    0x10674      6.4411   0x5    R E                0x2000                    .init .text .fini .rodata
                                                        LOAD       0x10678  0x80012678       0x80012678        0x224      0x620        3.0683   0x6    RW                 0x2000                    .ctors .dtors .data .bss
                                                        GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4


                                                        • Total Packets: 203
                                                        • 7887 undefined
                                                        • 443 (HTTPS)
                                                        • 80 (HTTP)
                                                        • 53 (DNS)
                                                        • 23 (Telnet)
                                                        Apr 2, 2025 22:13:18.600023031 CEST1973323192.168.2.23122.152.222.136
                                                        Apr 2, 2025 22:13:18.600040913 CEST1973323192.168.2.2393.195.8.166
                                                        Apr 2, 2025 22:13:18.600070000 CEST1973323192.168.2.23123.228.2.219
                                                        Apr 2, 2025 22:13:18.600081921 CEST1973323192.168.2.23212.131.89.32
                                                        Apr 2, 2025 22:13:18.600107908 CEST1973323192.168.2.2327.153.200.39
                                                        Apr 2, 2025 22:13:18.600109100 CEST1973323192.168.2.23152.132.241.131
                                                        Apr 2, 2025 22:13:18.600210905 CEST1973323192.168.2.23124.93.238.61
                                                        Apr 2, 2025 22:13:18.600214005 CEST1973323192.168.2.23254.52.172.116
                                                        Apr 2, 2025 22:13:18.600245953 CEST1973323192.168.2.2385.169.47.23
                                                        Apr 2, 2025 22:13:18.600250006 CEST1973323192.168.2.23187.1.163.78
                                                        Apr 2, 2025 22:13:18.600267887 CEST1973323192.168.2.23142.107.6.117
                                                        Apr 2, 2025 22:13:18.600267887 CEST1973323192.168.2.23174.76.73.111
                                                        Apr 2, 2025 22:13:18.600285053 CEST1973323192.168.2.23157.51.190.228
                                                        Apr 2, 2025 22:13:18.600307941 CEST1973323192.168.2.23189.178.191.183
                                                        Apr 2, 2025 22:13:18.600311041 CEST1973323192.168.2.23156.209.222.153
                                                        Apr 2, 2025 22:13:18.807231903 CEST788760532213.209.129.92192.168.2.23
                                                        Apr 2, 2025 22:13:22.876785040 CEST42836443192.168.2.2391.189.91.43
                                                        Apr 2, 2025 22:13:24.156701088 CEST4251680192.168.2.23109.202.202.202
                                                        Apr 2, 2025 22:13:26.204246044 CEST33606443192.168.2.2354.171.230.55
                                                        Apr 2, 2025 22:13:37.978858948 CEST43928443192.168.2.2391.189.91.42
                                                        Apr 2, 2025 22:13:43.347035885 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:43.347073078 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:43.347171068 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:44.121710062 CEST33606443192.168.2.2354.171.230.55
                                                        Apr 2, 2025 22:13:46.581391096 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.581413031 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.801312923 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.801798105 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.801798105 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.801798105 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.801815033 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.801830053 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.801909924 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.802273035 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.802273989 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.802279949 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.802577972 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.848269939 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.996898890 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997061968 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997062922 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997062922 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997092009 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997102976 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997112989 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997112989 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997118950 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997136116 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997160912 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997160912 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997162104 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997170925 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997180939 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997184992 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997189999 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997189999 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997196913 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997203112 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997210979 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997214079 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997230053 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997230053 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997236013 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997237921 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997457981 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997457981 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997463942 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997486115 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997486115 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997486115 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997493982 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997494936 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997499943 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997510910 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997528076 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997533083 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997572899 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997581005 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997591019 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997591019 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997600079 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997611046 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997637033 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997642040 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997649908 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997649908 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997654915 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997661114 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997663975 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997673988 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997700930 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997700930 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997706890 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997713089 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997716904 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997716904 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:46.997724056 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:46.997730017 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:47.525588036 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:47.525685072 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:47.525736094 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:47.525736094 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:47.525768042 CEST44337608162.213.35.24192.168.2.23
                                                        Apr 2, 2025 22:13:47.528270006 CEST37608443192.168.2.23162.213.35.24
                                                        Apr 2, 2025 22:13:50.265397072 CEST42836443192.168.2.2391.189.91.43
                                                        Apr 2, 2025 22:13:54.360479116 CEST4251680192.168.2.23109.202.202.202
                                                        Apr 2, 2025 22:14:08.963462114 CEST33606443192.168.2.2354.171.230.55
                                                        Apr 2, 2025 22:14:09.136234045 CEST4433360654.171.230.55192.168.2.23
                                                        Apr 2, 2025 22:14:18.933089018 CEST43928443192.168.2.2391.189.91.42
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Apr 2, 2025 22:13:43.005259991 CEST | 39348 | 53 | 192.168.2.23 | 1.1.1.1
                                                        Apr 2, 2025 22:13:43.005346060 CEST | 57973 | 53 | 192.168.2.23 | 1.1.1.1
                                                        Apr 2, 2025 22:13:43.105911970 CEST | 53 | 57973 | 1.1.1.1 | 192.168.2.23
                                                        Apr 2, 2025 22:13:43.139689922 CEST | 53 | 39348 | 1.1.1.1 | 192.168.2.23
                                                        Apr 2, 2025 22:13:43.231615067 CEST | 58731 | 53 | 192.168.2.23 | 1.1.1.1
                                                        Apr 2, 2025 22:13:43.334218025 CEST | 53 | 58731 | 1.1.1.1 | 192.168.2.23
                                                        Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                                        Apr 2, 2025 22:13:46.123080015 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
                                                        Apr 2, 2025 22:15:06.142967939 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                        Apr 2, 2025 22:13:43.005259991 CEST | 192.168.2.23 | 1.1.1.1 | 0xe8e2 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
                                                        Apr 2, 2025 22:13:43.005346060 CEST | 192.168.2.23 | 1.1.1.1 | 0x2b43 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
                                                        Apr 2, 2025 22:13:43.231615067 CEST | 192.168.2.23 | 1.1.1.1 | 0x8810 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                        Apr 2, 2025 22:13:43.139689922 CEST | 1.1.1.1 | 192.168.2.23 | 0xe8e2 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false
                                                        Apr 2, 2025 22:13:43.139689922 CEST | 1.1.1.1 | 192.168.2.23 | 0xe8e2 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                                                        • daisy.ubuntu.com
                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        0 | 192.168.2.23 | 37608 | 162.213.35.24 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2025-04-02 20:13:46 UTC | 307 | OUT | POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
                                                        Host: daisy.ubuntu.com
                                                        Accept: */*
                                                        Content-Type: application/octet-stream
                                                        X-Whoopsie-Version: 0.2.69ubuntu0.3
                                                        Content-Length: 164887
                                                        Expect: 100-continue
                                                        2025-04-02 20:13:46 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                        2025-04-02 20:13:47 UTC | 279 | IN | HTTP/1.1 400 Bad Request
                                                        Date: Wed, 02 Apr 2025 20:13:47 GMT
                                                        Server: gunicorn/19.7.1
                                                        X-Daisy-Revision-Number: 979
                                                        X-Oops-Repository-Version: 0.0.0
                                                        Strict-Transport-Security: max-age=2592000
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        17
                                                        Crash already reported.
                                                        0


                                                        System Behavior

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:/tmp/xd.m68k.elf
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:-
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:-
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:-
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:-
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:-
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:17
                                                        Start date (UTC):02/04/2025
                                                        Path:/tmp/xd.m68k.elf
                                                        Arguments:-
                                                        File size:4463432 bytes
                                                        MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/journalctl
                                                        Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                        File size:80120 bytes
                                                        MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:29
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/pulseaudio
                                                        Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                        File size:100832 bytes
                                                        MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/sbin/gdm3
                                                        Arguments:-
                                                        File size:453296 bytes
                                                        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/etc/gdm3/PrimeOff/Default
                                                        Arguments:/etc/gdm3/PrimeOff/Default
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/sbin/gdm3
                                                        Arguments:-
                                                        File size:453296 bytes
                                                        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/etc/gdm3/PrimeOff/Default
                                                        Arguments:/etc/gdm3/PrimeOff/Default
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/sbin/gdm3
                                                        Arguments:-
                                                        File size:453296 bytes
                                                        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/etc/gdm3/PrimeOff/Default
                                                        Arguments:/etc/gdm3/PrimeOff/Default
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:41
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:42
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:42
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:42
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:42
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:43
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:44
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:13:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/sh
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/grep
                                                        Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                        File size:199136 bytes
                                                        MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                        Start time (UTC):20:13:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/share/gdm/generate-config
                                                        Arguments:/usr/share/gdm/generate-config
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/share/gdm/generate-config
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:13:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/pkill
                                                        Arguments:pkill --signal HUP --uid gdm dconf-service
                                                        File size:30968 bytes
                                                        MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                        Start time (UTC):20:13:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/gdm3/gdm-wait-for-drm
                                                        Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                                        File size:14640 bytes
                                                        MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/sbin/gdm3
                                                        Arguments:/usr/sbin/gdm3
                                                        File size:453296 bytes
                                                        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:13:58
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:07
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/dash
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:14:07
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/rm
                                                        Arguments:rm -f /tmp/tmp.DoGmkhIjL8 /tmp/tmp.absXHfGxPy /tmp/tmp.70h2CaxMMY
                                                        File size:72056 bytes
                                                        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                        Start time (UTC):20:14:07
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/dash
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):20:14:07
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/rm
                                                        Arguments:rm -f /tmp/tmp.DoGmkhIjL8 /tmp/tmp.absXHfGxPy /tmp/tmp.70h2CaxMMY
                                                        File size:72056 bytes
                                                        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                        Start time (UTC):20:14:12
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/libexec/gvfsd-fuse
                                                        Arguments:-
                                                        File size:47632 bytes
                                                        MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                        Start time (UTC):20:14:12
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/fusermount
                                                        Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                        File size:39144 bytes
                                                        MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                        Start time (UTC):20:14:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:45
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:46
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:47
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:48
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:50
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:52
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:53
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/bin/gpu-manager
                                                        Arguments:-
                                                        File size:76616 bytes
                                                        MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                        Start time (UTC):20:14:54
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:55
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75

                                                        Start time (UTC):20:14:55
                                                        Start date (UTC):02/04/2025
                                                        Path:/bin/plymouth
                                                        Arguments:/bin/plymouth quit
                                                        File size:51352 bytes
                                                        MD5 hash:87003efd8dad470042f5e75360a8f49f

                                                        Start time (UTC):20:15:42
                                                        Start date (UTC):02/04/2025
                                                        Path:/usr/lib/systemd/systemd (deleted)
                                                        Arguments:-
                                                        File size:1620224 bytes
                                                        MD5 hash:9b2bec7092a40488108543f9334aab75