
Linux Analysis Report
xd.arm.elf

Overview

General Information

Sample name: xd.arm.elf
Analysis ID: 1655045
MD5: c21a996dad5c78e727809509e9f637b9
SHA1: 98a9448e9e447fb8b73d5e0b715320bb41a41298
SHA256: 56d5484a6d9354dc27a42303ae5cf0f174bb3cb8dfe06e304ee342d28722430b
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 96
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Deletes log files
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1655045
Start date and time: 2025-04-02 22:18:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: xd.arm.elf
Detection: MAL
Classification: mal96.spre.troj.evad.linELF@0/12@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • system is lnxubuntu20
  • xd.arm.elf (PID: 6237, Parent: 6163, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/xd.arm.elf
  • systemd New Fork (PID: 6259, Parent: 1)
  • journalctl (PID: 6259, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6277, Parent: 1)
  • systemd New Fork (PID: 6279, Parent: 1)
  • systemd New Fork (PID: 6280, Parent: 1)
  • systemd New Fork (PID: 6281, Parent: 1)
  • systemd New Fork (PID: 6282, Parent: 1)
  • systemd New Fork (PID: 6313, Parent: 1)
  • systemd New Fork (PID: 6326, Parent: 1)
  • systemd New Fork (PID: 6338, Parent: 1)
  • systemd New Fork (PID: 6341, Parent: 1)
  • systemd New Fork (PID: 6343, Parent: 1)
  • systemd New Fork (PID: 6344, Parent: 1860)
  • pulseaudio (PID: 6344, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 6345, Parent: 1320)
  • Default (PID: 6345, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6346, Parent: 1320)
  • Default (PID: 6346, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6347, Parent: 1320)
  • Default (PID: 6347, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6351, Parent: 1)
  • gpu-manager (PID: 6351, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6353, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6355, Parent: 6353)
      • grep (PID: 6355, Parent: 6353, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6357, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6358, Parent: 6357)
      • grep (PID: 6358, Parent: 6357, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6361, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6363, Parent: 6361)
      • grep (PID: 6363, Parent: 6361, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6365, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6366, Parent: 6365)
      • grep (PID: 6366, Parent: 6365, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6367, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6368, Parent: 6367)
      • grep (PID: 6368, Parent: 6367, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6369, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6370, Parent: 6369)
      • grep (PID: 6370, Parent: 6369, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6371, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6372, Parent: 6371)
      • grep (PID: 6372, Parent: 6371, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6373, Parent: 6351, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6374, Parent: 6373)
      • grep (PID: 6374, Parent: 6373, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6352, Parent: 1)
  • systemd New Fork (PID: 6356, Parent: 1)
  • systemd New Fork (PID: 6360, Parent: 1)
  • systemd New Fork (PID: 6362, Parent: 1)
  • systemd New Fork (PID: 6364, Parent: 1)
  • systemd New Fork (PID: 6376, Parent: 1)
  • generate-config (PID: 6376, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6377, Parent: 6376, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6378, Parent: 1)
  • gdm-wait-for-drm (PID: 6378, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • gdm3 (PID: 6379, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • fusermount (PID: 6382, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • dash New Fork (PID: 6387, Parent: 4331)
  • rm (PID: 6387, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.OoRRg2lor3 /tmp/tmp.0LYAALYHro /tmp/tmp.phAiVfUkbz
  • dash New Fork (PID: 6388, Parent: 4331)
  • rm (PID: 6388, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.OoRRg2lor3 /tmp/tmp.0LYAALYHro /tmp/tmp.phAiVfUkbz
  • gpu-manager (PID: 6413, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6424, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6434, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 6444, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • plymouth (PID: 6456, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, Rule: JoeSecurity_Mirai_5, Description: Yara detected Mirai, Author: Joe Security
Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_ea92cca8, Description: unknown, Author: unknown, Strings:
        • 0xfd18:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
        No Suricata rule has matched

        AV Detection

        Source: xd.arm.elf, ReversingLabs: Detection: 41%
        Source: xd.arm.elf, Virustotal: Detection: 25%
        Source: /usr/bin/pulseaudio (PID: 6344), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 6377), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: global traffic, TCP traffic: 192.168.2.23:60526 -> 213.209.129.92:7887
        Source: global traffic, HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1, Host: daisy.ubuntu.com, Accept: */*, Content-Type: application/octet-stream, X-Whoopsie-Version: 0.2.69ubuntu0.3, Content-Length: 164887, Expect: 100-continue
        Source: /tmp/xd.arm.elf (PID: 6239), Socket: 0.0.0.0:23
        Source: /tmp/xd.arm.elf (PID: 6239), Socket: 0.0.0.0:0
        Source: /tmp/xd.arm.elf (PID: 6239), Socket: 0.0.0.0:80
        Source: /tmp/xd.arm.elf (PID: 6239), Socket: 0.0.0.0:81
        Source: /tmp/xd.arm.elf (PID: 6239), Socket: 0.0.0.0:8443
        Source: /tmp/xd.arm.elf (PID: 6239), Socket: 0.0.0.0:9009
        Source: unknown, TCP traffic detected without corresponding DNS query
        Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
        Source: unknown, HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1, Host: daisy.ubuntu.com, Accept: */*, Content-Type: application/octet-stream, X-Whoopsie-Version: 0.2.69ubuntu0.3, Content-Length: 164887, Expect: 100-continue
        Source: xd.arm.elf, String found in binary or memory: http://upx.sf.net
        Source: unknown, Network traffic detected: HTTP traffic on port 37604 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 39248 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 39248
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 37604
        Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

        System Summary

        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6248.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6248.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6248.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6248.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6245.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6245.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6245.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6245.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6241.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6241.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6241.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6241.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6242.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6242.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6242.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6242.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 6237.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 6237.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 6237.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 6237.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: Process Memory Space: xd.arm.elf PID: 6237, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6237, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6241, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6241, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6242, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6242, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6245, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6245, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6246, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6246, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6248, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.arm.elf PID: 6248, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 936, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 491, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 720, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 721, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 759, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 761, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 772, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 774, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 777, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 785, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 793, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 797, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 1334, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 1335, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 1344, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 1860, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 1872, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 1886, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 2009, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 2048, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6074, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6222, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6223, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6342, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6344, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6379, result: successful
        Source: /tmp/xd.arm.elf (PID: 6239), SIGKILL sent: pid: 6444, result: successful
        Source: /tmp/xd.arm.elf (PID: 6242), SIGKILL sent: pid: -6242, result: unknown
        Source: LOAD without section mappings, Program segment: 0x8000
        Source: /tmp/xd.arm.elf (PID: 6239)SIGKILL sent: pid: 936, result: successfulJump to behavior
        Source: /tmp/xd.arm.elf (PID: 6239)SIGKILL sent: pid: 491, result: successfulJump to behavior
        Source: /tmp/xd.arm.elf (PID: 6242) SIGKILL sent: pid: -6242, result: unknown
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: Process Memory Space: xd.arm.elf PID: 6237, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.arm.elf PID: 6237, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engine Classification label: mal96.spre.troj.evad.linELF@0/12@3/0

        Data Obfuscation

        Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

        Persistence and Installation Behavior

        Source: /bin/fusermount (PID: 6382) File: /proc/6382/mounts
        Source: /usr/bin/gpu-manager (PID: 6353) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6357) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6361) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6365) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6367) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6369) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6371) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
        Source: /usr/bin/gpu-manager (PID: 6373) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
        Source: /bin/sh (PID: 6355) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6358) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 6363) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6366) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 6368) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 6370) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 6372)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.confJump to behavior
        Source: /bin/sh (PID: 6374)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.confJump to behavior
        Source: /usr/share/gdm/generate-config (PID: 6377)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-serviceJump to behavior
        Source: /usr/bin/dash (PID: 6387)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.OoRRg2lor3 /tmp/tmp.0LYAALYHro /tmp/tmp.phAiVfUkbzJump to behavior
        Source: /usr/bin/dash (PID: 6388)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.OoRRg2lor3 /tmp/tmp.0LYAALYHro /tmp/tmp.phAiVfUkbzJump to behavior
        Source: /usr/sbin/gdm3 (PID: 6379)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
        Source: /usr/sbin/gdm3 (PID: 6379)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 6351)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6413)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6424)Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6434)Log file created: /var/log/gpu-manager.logJump to dropped file

        Hooking and other Techniques for Hiding and Protection

        Source: /tmp/xd.arm.elf (PID: 6239) File: /usr/lib/systemd/systemd
        Source: /tmp/xd.arm.elf (PID: 6239) File: /usr/lib/systemd/systemd (deleted)
        Source: /tmp/xd.arm.elf (PID: 6239) File: /usr/bin/dash
        Source: /tmp/xd.arm.elf (PID: 6239) File: /usr/bin/pulseaudio
        Source: /tmp/xd.arm.elf (PID: 6239) File: /usr/sbin/gdm3
        Source: /tmp/xd.arm.elf (PID: 6239) File: /usr/bin/gpu-manager
        Source: xd.arm.elf Submission file: segment LOAD with 7.9517 entropy (max. 8.0)
        Source: /usr/bin/gpu-manager (PID: 6351) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6413) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6424) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6434) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 6444) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/pulseaudio (PID: 6344) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 6377) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /tmp/xd.arm.elf (PID: 6237) Queries kernel information via 'uname'
        Source: /usr/bin/pulseaudio (PID: 6344) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6351) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6413) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6424) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6434) Queries kernel information via 'uname'
        Source: /usr/bin/gpu-manager (PID: 6444) Queries kernel information via 'uname'
        Source: xd.arm.elf, 6237.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6241.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6242.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6245.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6246.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6248.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/xd.arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.arm.elf
        Source: xd.arm.elf, 6237.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6241.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6242.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6245.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6246.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6248.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
        Source: xd.arm.elf, 6237.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6241.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6242.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6245.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6246.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp, xd.arm.elf, 6248.1.0000561ab3b58000.0000561ab3ce6000.rw-.sdmp Binary or memory string: V!/etc/qemu-binfmt/arm
        Source: xd.arm.elf, 6237.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6241.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6242.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6245.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6246.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp, xd.arm.elf, 6248.1.00007ffcc4ec6000.00007ffcc4ee7000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm

        Stealing of Sensitive Information

        Source: Yara match File source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6248.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6245.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6241.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6242.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6237.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6237, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6241, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6245, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6246, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6248, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 6246.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6248.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6245.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6241.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6242.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 6237.1.00007fa53c017000.00007fa53c029000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6237, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6241, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6245, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6246, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.arm.elf PID: 6248, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Obfuscated Files or Information | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Indicator Removal | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        No configs have been found
        [Figure: Behavior Graph. ID: 1655045, Sample: xd.arm.elf, Startdate: 02/04/2025, Architecture: LINUX, Score: 96. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]
        Source | Detection | Scanner | Label
        xd.arm.elf | 42% | ReversingLabs | Linux.Backdoor.Mirai
        xd.arm.elf | 25% | Virustotal |
        No Antivirus matches


        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        daisy.ubuntu.com | 162.213.35.25 | true | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e | false | | high

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://upx.sf.net | xd.arm.elf | false | | high
        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                      • 9.204.255.240
                                                      FTCH-HQ-ASNUSHKZqB954AC.elfGet hashmaliciousMiraiBrowse
                                                      • 65.23.78.54
                                                      8IBz8sGHUM.elfGet hashmaliciousMirai, MoobotBrowse
                                                      • 65.23.78.96
                                                      z3hir.arm7Get hashmaliciousMiraiBrowse
                                                      • 65.23.78.51
                                                      zlPSZFihzFGet hashmaliciousMirai, MoobotBrowse
                                                      • 65.23.78.78
                                                      Zd0AiT1NLlGet hashmaliciousGafgyt MiraiBrowse
                                                      • 65.23.78.93
                                                      No context
                                                      No context
                                                      Process:/usr/bin/pulseaudio
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):10
                                                      Entropy (8bit):2.9219280948873623
                                                      Encrypted:false
                                                      SSDEEP:3:5bkPn:pkP
                                                      MD5:FF001A15CE15CF062A3704CEA2991B5F
                                                      SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                                      SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                                      SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:auto_null.
                                                      Process:/usr/bin/pulseaudio
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):18
                                                      Entropy (8bit):3.4613201402110088
                                                      Encrypted:false
                                                      SSDEEP:3:5bkrIZsXvn:pkckv
                                                      MD5:28FE6435F34B3367707BB1C5D5F6B430
                                                      SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                                      SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                                      SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:auto_null.monitor.
                                                      Process:/usr/sbin/gdm3
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):5
                                                      Entropy (8bit):2.321928094887362
                                                      Encrypted:false
                                                      SSDEEP:3:Ze:M
                                                      MD5:440F41DC9493D4461CC5019CBD8F621F
                                                      SHA1:14E2905711A7CF695462F6FAE195794991590310
                                                      SHA-256:B705F8557613B6F45A5B690979E3FD29DAE8D58E8D6A693406F5512C5E7D7A12
                                                      SHA-512:2487A9BA27F88D0FF784C7A4D52A7D1BD36B4A6ABD4BCD586E451A7C0EAB02059018AD986768291D030A311B0C9600800269A186E3B38F1AD637B0EBB1C5D73D
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:6379.
                                                      Process:/usr/bin/pulseaudio
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):5
                                                      Entropy (8bit):1.9219280948873623
                                                      Encrypted:false
                                                      SSDEEP:3:aJ:aJ
                                                      MD5:8E0E918653C2C936524527B7AF907534
                                                      SHA1:142BC7928697AAF7BE15D2A7C85B283EAADC167F
                                                      SHA-256:25C0A4ED10C1AFE5630B7DC59C311B6F4ED96A12BE43FF406892D32D21B1D7E6
                                                      SHA-512:0E47C2E379DE4A29DCC175EF651EFF735D85D79DD6076518568637A90EEB37DB574114A9BC7084F05EA2679DB099028D51CE91EAEE2028CD1B7489B01EB42288
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:6344.
                                                      Process:/usr/bin/gpu-manager
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):25
                                                      Entropy (8bit):2.7550849518197795
                                                      Encrypted:false
                                                      SSDEEP:3:JoT/V9fDVbn:M/V3n
                                                      MD5:078760523943E160756979906B85FB5E
                                                      SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
                                                      SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
                                                      SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:15ad:0405;0000:00:0f:0;1.
                                                      Process:/usr/bin/gpu-manager
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):1371
                                                      Entropy (8bit):4.8296848499188485
                                                      Encrypted:false
                                                      SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
                                                      MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
                                                      SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
                                                      SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
                                                      SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
                                                      Malicious:false
                                                      Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
                                                      File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, no section header
                                                      Entropy (8bit):7.948597375515882
                                                      TrID:
                                                      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                      File name:xd.arm.elf
                                                      File size:29'992 bytes
                                                      MD5:c21a996dad5c78e727809509e9f637b9
                                                      SHA1:98a9448e9e447fb8b73d5e0b715320bb41a41298
                                                      SHA256:56d5484a6d9354dc27a42303ae5cf0f174bb3cb8dfe06e304ee342d28722430b
                                                      SHA512:39ae4c7f2046ff8dd56f3d26d28428f53e1f7f2f5bd73337b1c3ade94fbd1c83be4ddd2cc31a1562120bd51a5d0f54f2bee1934b7f9372b6ecd38c1decf42a56
                                                      SSDEEP:384:AymTK4fnB92B5LvzcNvTTtKgat/WTgpFu4uVC+A/T5a862EYGf/ye1LgRJv1hymm:/ILfnB92B5MNvTZalN+OxeJgls3Uoz5
                                                      TLSH:C0D2E126E7C67D77F3C184739A280E4BB2120B7905F7B132055882876ADAE4F657CB53
                                                      File Content Preview:.ELF...a..........(.........4...........4. ...(.....................?t..?t..........................................Q.td............................s.y.UPX!....................R..........?.E.h;.}...^..........f.....T....h............+h.*.......zj.,.C;6..C

                                                      ELF header

                                                      Class:ELF32
                                                      Data:2's complement, little endian
                                                      Version:1 (current)
                                                      Machine:ARM
                                                      Version Number:0x1
                                                      Type:EXEC (Executable file)
                                                      OS/ABI:ARM - ABI
                                                      ABI Version:0
                                                      Entry Point Address:0xe290
                                                      Flags:0x202
                                                      ELF Header Size:52
                                                      Program Header Offset:52
                                                      Program Header Size:32
                                                      Number of Program Headers:3
                                                      Section Header Offset:0
                                                      Section Header Size:40
                                                      Number of Section Headers:0
                                                      Header String Table Index:0
Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
LOAD       0x0     0x8000           0x8000            0x743f     0x743f       7.9517   0x5    R E                0x8000
LOAD       0x1914  0x21914          0x21914           0x0        0x0          0.0000   0x6    RW                 0x8000
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4


                                                      • Total Packets: 200
                                                      • 7887 undefined
                                                      • 443 (HTTPS)
                                                      • 80 (HTTP)
                                                      • 53 (DNS)
                                                      • 23 (Telnet)
                                                      Apr 2, 2025 22:19:22.690855026 CEST306423192.168.2.23197.69.242.82
                                                      Apr 2, 2025 22:19:22.690875053 CEST306423192.168.2.23173.162.160.76
                                                      Apr 2, 2025 22:19:22.690929890 CEST306423192.168.2.23250.144.27.203
                                                      Apr 2, 2025 22:19:22.881573915 CEST788760526213.209.129.92192.168.2.23
                                                      Apr 2, 2025 22:19:26.418912888 CEST42836443192.168.2.2391.189.91.43
                                                      Apr 2, 2025 22:19:27.442766905 CEST4251680192.168.2.23109.202.202.202
                                                      Apr 2, 2025 22:19:32.725891113 CEST39248443192.168.2.2334.249.145.219
                                                      Apr 2, 2025 22:19:32.725939989 CEST4433924834.249.145.219192.168.2.23
                                                      Apr 2, 2025 22:19:32.726072073 CEST39248443192.168.2.2334.249.145.219
                                                      Apr 2, 2025 22:19:32.726258039 CEST39248443192.168.2.2334.249.145.219
                                                      Apr 2, 2025 22:19:32.726273060 CEST4433924834.249.145.219192.168.2.23
                                                      Apr 2, 2025 22:19:41.776748896 CEST43928443192.168.2.2391.189.91.42
                                                      Apr 2, 2025 22:19:48.649992943 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:48.650024891 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:48.650077105 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:52.015255928 CEST42836443192.168.2.2391.189.91.43
                                                      Apr 2, 2025 22:19:52.960119963 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:52.960161924 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.193401098 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.193486929 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.193829060 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.193844080 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.194150925 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.194164991 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.194288015 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.194340944 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.194356918 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.194397926 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.194878101 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.236267090 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381344080 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381417990 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381505966 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381505966 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381532907 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381546974 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381562948 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381562948 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381581068 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381582975 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381582975 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381607056 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381609917 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381620884 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381633043 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381642103 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381663084 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381668091 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381668091 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381685019 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381730080 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381730080 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381822109 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381906986 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381922007 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.381936073 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.381989002 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.382114887 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.382148981 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.382181883 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.382181883 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.382190943 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.382206917 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.382236004 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.382247925 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.819631100 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.819713116 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.819745064 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.819761038 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.819786072 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.819809914 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:53.819856882 CEST37604443192.168.2.23162.213.35.24
                                                      Apr 2, 2025 22:19:53.819865942 CEST44337604162.213.35.24192.168.2.23
                                                      Apr 2, 2025 22:19:58.158668995 CEST4251680192.168.2.23109.202.202.202
                                                      Apr 2, 2025 22:20:22.731209993 CEST43928443192.168.2.2391.189.91.42
                                                      Apr 2, 2025 22:20:32.718406916 CEST39248443192.168.2.2334.249.145.219
                                                      Apr 2, 2025 22:20:32.764277935 CEST4433924834.249.145.219192.168.2.23
                                                      Apr 2, 2025 22:20:43.208374023 CEST42836443192.168.2.2391.189.91.43
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 2, 2025 22:19:48.217657089 CEST | 43324 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 22:19:48.217657089 CEST | 53828 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 22:19:48.319693089 CEST | 53 | 53828 | 1.1.1.1 | 192.168.2.23
Apr 2, 2025 22:19:48.319808006 CEST | 53 | 43324 | 1.1.1.1 | 192.168.2.23
Apr 2, 2025 22:19:48.485068083 CEST | 48955 | 53 | 192.168.2.23 | 1.1.1.1
Apr 2, 2025 22:19:48.631278992 CEST | 53 | 48955 | 1.1.1.1 | 192.168.2.23
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 2, 2025 22:19:50.457226038 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
Apr 2, 2025 22:21:10.474150896 CEST | 192.168.2.23 | 192.168.2.1 | 8283 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 2, 2025 22:19:48.217657089 CEST | 192.168.2.23 | 1.1.1.1 | 0x141 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Apr 2, 2025 22:19:48.217657089 CEST | 192.168.2.23 | 1.1.1.1 | 0x833b | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
Apr 2, 2025 22:19:48.485068083 CEST | 192.168.2.23 | 1.1.1.1 | 0xf375 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 2, 2025 22:19:48.319808006 CEST | 1.1.1.1 | 192.168.2.23 | 0x141 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false
Apr 2, 2025 22:19:48.319808006 CEST | 1.1.1.1 | 192.168.2.23 | 0x141 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                                                      • daisy.ubuntu.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.23 | 37604 | 162.213.35.24 | 443
Timestamp | Bytes transferred | Direction | Data
2025-04-02 20:19:53 UTC | 307 | OUT | POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
                                                      Host: daisy.ubuntu.com
                                                      Accept: */*
                                                      Content-Type: application/octet-stream
                                                      X-Whoopsie-Version: 0.2.69ubuntu0.3
                                                      Content-Length: 164887
                                                      Expect: 100-continue
2025-04-02 20:19:53 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-04-02 20:19:53 UTC | 279 | IN | HTTP/1.1 400 Bad Request
                                                      Date: Wed, 02 Apr 2025 20:19:53 GMT
                                                      Server: gunicorn/19.7.1
                                                      X-Daisy-Revision-Number: 979
                                                      X-Oops-Repository-Version: 0.0.0
                                                      Strict-Transport-Security: max-age=2592000
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      17
                                                      Crash already reported.
                                                      0


                                                      System Behavior

                                                      Start time (UTC):20:19:21
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:/tmp/xd.arm.elf
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:22
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:-
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:22
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:-
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:22
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:-
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:22
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:-
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:22
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:-
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:22
                                                      Start date (UTC):02/04/2025
                                                      Path:/tmp/xd.arm.elf
                                                      Arguments:-
                                                      File size:4956856 bytes
                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                      Start time (UTC):20:19:34
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:34
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/journalctl
                                                      Arguments:/usr/bin/journalctl --smart-relinquish-var
                                                      File size:80120 bytes
                                                      MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                                      Start time (UTC):20:19:34
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:34
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:34
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:35
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:35
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/libexec/gnome-session-binary
                                                      Arguments:-
                                                      File size:334664 bytes
                                                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                      Start time (UTC):20:19:46
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/pulseaudio
                                                      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                                      File size:100832 bytes
                                                      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:-
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/etc/gdm3/PrimeOff/Default
                                                      Arguments:/etc/gdm3/PrimeOff/Default
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:-
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/etc/gdm3/PrimeOff/Default
                                                      Arguments:/etc/gdm3/PrimeOff/Default
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:-
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):20:19:47
                                                      Start date (UTC):02/04/2025
                                                      Path:/etc/gdm3/PrimeOff/Default
                                                      Arguments:/etc/gdm3/PrimeOff/Default
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:48
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:48
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:51
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/sh
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:52
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/grep
                                                      Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                                      File size:199136 bytes
                                                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:49
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:53
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:53
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/share/gdm/generate-config
                                                      Arguments:/usr/share/gdm/generate-config
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:53
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/share/gdm/generate-config
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:19:53
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/pkill
                                                      Arguments:pkill --signal HUP --uid gdm dconf-service
                                                      File size:30968 bytes
                                                      MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                      Start time (UTC):20:19:56
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:19:56
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/gdm3/gdm-wait-for-drm
                                                      Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                                      File size:14640 bytes
                                                      MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                                      Start time (UTC):20:20:07
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:07
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/sbin/gdm3
                                                      Arguments:/usr/sbin/gdm3
                                                      File size:453296 bytes
                                                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                      Start time (UTC):20:20:20
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/libexec/gvfsd-fuse
                                                      Arguments:-
                                                      File size:47632 bytes
                                                      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                                      Start time (UTC):20:20:20
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/fusermount
                                                      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                                      File size:39144 bytes
                                                      MD5 hash:576a1b135c82bdcbc97a91acea900566

                                                      Start time (UTC):20:20:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/dash
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:20:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/rm
                                                      Arguments:rm -f /tmp/tmp.OoRRg2lor3 /tmp/tmp.0LYAALYHro /tmp/tmp.phAiVfUkbz
                                                      File size:72056 bytes
                                                      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                      Start time (UTC):20:20:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/dash
                                                      Arguments:-
                                                      File size:129816 bytes
                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                      Start time (UTC):20:20:32
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/rm
                                                      Arguments:rm -f /tmp/tmp.OoRRg2lor3 /tmp/tmp.0LYAALYHro /tmp/tmp.phAiVfUkbz
                                                      File size:72056 bytes
                                                      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                      Start time (UTC):20:20:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:57
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:20:58
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:00
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:01
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:02
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:03
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/bin/gpu-manager
                                                      Arguments:-
                                                      File size:76616 bytes
                                                      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                                      Start time (UTC):20:21:04
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:05
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:05
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:06
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75

                                                      Start time (UTC):20:21:06
                                                      Start date (UTC):02/04/2025
                                                      Path:/bin/plymouth
                                                      Arguments:/bin/plymouth quit
                                                      File size:51352 bytes
                                                      MD5 hash:87003efd8dad470042f5e75360a8f49f

                                                      Start time (UTC):20:21:50
                                                      Start date (UTC):02/04/2025
                                                      Path:/usr/lib/systemd/systemd (deleted)
                                                      Arguments:-
                                                      File size:1620224 bytes
                                                      MD5 hash:9b2bec7092a40488108543f9334aab75