
Linux Analysis Report
xd.ppc.elf

Overview

General Information

Sample name: xd.ppc.elf
Analysis ID: 1655048
MD5: b7aed42101a9225eb026a87e0e75d8e6
SHA1: 8c63259e173abbb9e658d31d8d72292b19b43326
SHA256: c01bd36ab1677f86b8700fc03f090c1cdafbf3687558a43ad68a3ad47fb54245
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 96
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1655048
Start date and time: 2025-04-02 22:18:33 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: xd.ppc.elf
Detection: MAL
Classification: mal96.spre.troj.evad.linELF@0/3@0/0
  • Connection to analysis system has been lost, crash info: Unknown
  • system is lnxubuntu20
  • xd.ppc.elf (PID: 5535, Parent: 5451, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/xd.ppc.elf
  • systemd New Fork (PID: 5558, Parent: 1)
  • journalctl (PID: 5558, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5575, Parent: 1)
  • systemd New Fork (PID: 5578, Parent: 1)
  • systemd New Fork (PID: 5579, Parent: 1)
  • systemd New Fork (PID: 5580, Parent: 1)
  • systemd New Fork (PID: 5581, Parent: 1)
  • gdm3 New Fork (PID: 5638, Parent: 1333)
  • Default (PID: 5638, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5639, Parent: 1)
  • systemd New Fork (PID: 5640, Parent: 1)
  • systemd New Fork (PID: 5641, Parent: 1)
  • systemd New Fork (PID: 5642, Parent: 1)
  • systemd New Fork (PID: 5643, Parent: 1)
  • gdm3 New Fork (PID: 5644, Parent: 1333)
  • Default (PID: 5644, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5645, Parent: 1)
  • systemd New Fork (PID: 5646, Parent: 1)
  • gdm3 New Fork (PID: 5647, Parent: 1333)
  • Default (PID: 5647, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5648, Parent: 3044)
  • pulseaudio (PID: 5648, Parent: 3044, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5649, Parent: 1)
  • systemd New Fork (PID: 5651, Parent: 1)
  • systemd New Fork (PID: 5653, Parent: 1)
  • fusermount (PID: 5654, Parent: 3210, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp | Rule: JoeSecurity_Mirai_8 | Description: Yara detected Mirai | Author: Joe Security
Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp | Rule: Linux_Trojan_Gafgyt_28a2fe0c | Description: unknown | Author: unknown
    • 0x55f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x560c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x565c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x56ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x56c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x56d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x56e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x56fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x574c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x5788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp | Rule: Linux_Trojan_Gafgyt_ea92cca8 | Description: unknown | Author: unknown
    • 0x5594:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp | Rule: JoeSecurity_Mirai_8 | Description: Yara detected Mirai | Author: Joe Security
Source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp | Rule: Linux_Trojan_Gafgyt_28a2fe0c | Description: unknown | Author: unknown
      • 0x55f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x560c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x565c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x56ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x56c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x56d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x56e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x56fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x574c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x5788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      No Suricata rule has matched



      AV Detection

      Source: xd.ppc.elf | Avira: detected
      Source: xd.ppc.elf | ReversingLabs: Detection: 41%
      Source: /usr/bin/pulseaudio (PID: 5648) | Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: global traffic | TCP traffic: 192.168.2.15:33674 -> 213.209.129.92:7887
      Source: /tmp/xd.ppc.elf (PID: 5537) | Socket: 0.0.0.0:23
      Source: /tmp/xd.ppc.elf (PID: 5537) | Socket: 0.0.0.0:0
      Source: /tmp/xd.ppc.elf (PID: 5537) | Socket: 0.0.0.0:80
      Source: /tmp/xd.ppc.elf (PID: 5537) | Socket: 0.0.0.0:81
      Source: /tmp/xd.ppc.elf (PID: 5537) | Socket: 0.0.0.0:8443
      Source: /tmp/xd.ppc.elf (PID: 5537) | Socket: 0.0.0.0:9009
      Source: unknown | TCP traffic detected without corresponding DNS query: 213.209.129.92
      Source: unknown | TCP traffic detected without corresponding DNS query: 96.126.204.193
      Source: unknown | TCP traffic detected without corresponding DNS query: 255.33.56.11
      Source: unknown | TCP traffic detected without corresponding DNS query: 103.36.196.56
      Source: unknown | TCP traffic detected without corresponding DNS query: 223.102.172.9
      Source: unknown | TCP traffic detected without corresponding DNS query: 54.117.121.146
      Source: unknown | TCP traffic detected without corresponding DNS query: 31.165.19.183
      Source: unknown | TCP traffic detected without corresponding DNS query: 95.175.83.89
      Source: unknown | TCP traffic detected without corresponding DNS query: 75.79.182.179
      Source: unknown | TCP traffic detected without corresponding DNS query: 77.38.129.162
      Source: unknown | TCP traffic detected without corresponding DNS query: 84.5.52.195
      Source: unknown | TCP traffic detected without corresponding DNS query: 101.81.175.175
      Source: unknown | TCP traffic detected without corresponding DNS query: 163.115.168.90
      Source: unknown | TCP traffic detected without corresponding DNS query: 211.189.239.55
      Source: unknown | TCP traffic detected without corresponding DNS query: 27.208.250.185
      Source: unknown | TCP traffic detected without corresponding DNS query: 144.94.74.242
      Source: unknown | TCP traffic detected without corresponding DNS query: 84.60.66.156
      Source: unknown | TCP traffic detected without corresponding DNS query: 147.18.146.46
      Source: unknown | TCP traffic detected without corresponding DNS query: 102.137.18.199
      Source: unknown | TCP traffic detected without corresponding DNS query: 223.143.211.148
      Source: unknown | TCP traffic detected without corresponding DNS query: 200.128.62.10
      Source: unknown | TCP traffic detected without corresponding DNS query: 240.85.182.112
      Source: unknown | TCP traffic detected without corresponding DNS query: 41.154.135.214
      Source: unknown | TCP traffic detected without corresponding DNS query: 169.112.0.146
      Source: unknown | TCP traffic detected without corresponding DNS query: 78.174.151.222
      Source: unknown | TCP traffic detected without corresponding DNS query: 170.97.38.108
      Source: unknown | TCP traffic detected without corresponding DNS query: 2.177.135.98
      Source: unknown | TCP traffic detected without corresponding DNS query: 71.163.182.86
      Source: unknown | TCP traffic detected without corresponding DNS query: 196.235.233.251
      Source: unknown | TCP traffic detected without corresponding DNS query: 209.196.77.33
      Source: unknown | TCP traffic detected without corresponding DNS query: 163.92.62.187
      Source: unknown | TCP traffic detected without corresponding DNS query: 85.40.186.21
      Source: unknown | TCP traffic detected without corresponding DNS query: 38.9.225.154
      Source: unknown | TCP traffic detected without corresponding DNS query: 209.231.222.246
      Source: unknown | TCP traffic detected without corresponding DNS query: 101.104.125.125
      Source: unknown | TCP traffic detected without corresponding DNS query: 27.146.146.90
      Source: unknown | TCP traffic detected without corresponding DNS query: 206.225.137.28
      Source: unknown | TCP traffic detected without corresponding DNS query: 122.58.67.17
      Source: unknown | TCP traffic detected without corresponding DNS query: 166.158.69.196
      Source: unknown | TCP traffic detected without corresponding DNS query: 217.136.184.104
      Source: unknown | TCP traffic detected without corresponding DNS query: 115.22.186.155
      Source: unknown | TCP traffic detected without corresponding DNS query: 245.6.236.51
      Source: unknown | TCP traffic detected without corresponding DNS query: 220.172.205.65
      Source: unknown | TCP traffic detected without corresponding DNS query: 172.105.220.30
      Source: unknown | TCP traffic detected without corresponding DNS query: 217.49.69.133
      Source: unknown | TCP traffic detected without corresponding DNS query: 125.71.221.68
      Source: unknown | TCP traffic detected without corresponding DNS query: 139.240.220.87
      Source: unknown | TCP traffic detected without corresponding DNS query: 247.241.85.206
      Source: unknown | TCP traffic detected without corresponding DNS query: 155.109.205.91
      Source: unknown | TCP traffic detected without corresponding DNS query: 117.130.163.112
      Source: xd.ppc.elf | String found in binary or memory: http://upx.sf.net

      System Summary

      Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5541.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5541.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5538.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5538.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5543.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5543.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5551.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5551.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5535, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5535, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5538, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5538, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5541, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5541, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5543, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5543, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5549, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: xd.ppc.elf PID: 5549, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 933, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 490, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 723, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 724, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 764, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 766, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 777, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 779, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 782, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 789, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 793, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 794, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 796, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 802, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 1333, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 1431, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 1432, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 1440, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 3044, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 3047, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 3060, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 3183, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 3220, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 5368, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 5510, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 5513, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5537) | SIGKILL sent: pid: 5648, result: successful
      Source: /tmp/xd.ppc.elf (PID: 5541) | SIGKILL sent: pid: -5541, result: unknown
      Source: LOAD without section mappings | Program segment: 0x100000
      Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5541.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5541.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5538.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5538.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5543.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5543.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5551.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5551.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5535, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5535, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5538, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5538, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5541, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5541, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5543, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5543, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5549, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.ppc.elf PID: 5549, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: classification engineClassification label: mal96.spre.troj.evad.linELF@0/3@0/0

      Data Obfuscation

Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample | String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

      Persistence and Installation Behavior

Source: /bin/fusermount (PID: 5654) | File: /proc/5654/mounts
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/5660/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/1185/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3483/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/793/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/794/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/674/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/796/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/675/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/676/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/515/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/911/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/914/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/917/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/5472/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/4100/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/4101/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3210/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/680/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/681/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3803/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/1/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3804/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3205/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/764/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3368/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3488/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/766/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/723/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/800/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/800/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/888/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/724/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/802/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/803/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/804/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3801/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3802/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3188/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/490/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3461/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/1875/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/850/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/654/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/655/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/777/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/931/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/656/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/657/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/933/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/812/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/779/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/658/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/658/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/418/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/419/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/2527/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3192/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3475/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3274/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3394/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/782/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/740/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3469/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3303/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/1321/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/3465/exe
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/789/fd
Source: /tmp/xd.ppc.elf (PID: 5537) | File opened: /proc/505/exe

      Hooking and other Techniques for Hiding and Protection

Source: /tmp/xd.ppc.elf (PID: 5537) | File: /usr/sbin/gdm3
Source: /tmp/xd.ppc.elf (PID: 5537) | File: /usr/lib/systemd/systemd
Source: /tmp/xd.ppc.elf (PID: 5537) | File: /usr/lib/systemd/systemd (deleted)
Source: /tmp/xd.ppc.elf (PID: 5537) | File: /usr/bin/pulseaudio
Source: xd.ppc.elf | Submission file: segment LOAD with 7.9381 entropy (max. 8.0)
Source: /usr/bin/pulseaudio (PID: 5648) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /tmp/xd.ppc.elf (PID: 5535) | Queries kernel information via 'uname'
Source: /usr/bin/pulseaudio (PID: 5648) | Queries kernel information via 'uname'
Source: xd.ppc.elf, 5535.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5538.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5541.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5543.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5549.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5551.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/xd.ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.ppc.elf
Source: xd.ppc.elf, 5535.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5541.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5551.1.00005596d8732000.00005596d87e2000.rw-.sdmp | Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: xd.ppc.elf, 5538.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5543.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5549.1.00005596d8732000.00005596d87e2000.rw-.sdmp | Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: xd.ppc.elf, 5535.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5538.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5541.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5543.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5549.1.00005596d8732000.00005596d87e2000.rw-.sdmp, xd.ppc.elf, 5551.1.00005596d8732000.00005596d87e2000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/ppc
Source: xd.ppc.elf, 5535.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5538.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5541.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5543.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5549.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp, xd.ppc.elf, 5551.1.00007ffe485f3000.00007ffe48614000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-ppc

      Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5538, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5541, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5543, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5549, type: MEMORYSTR
Source: Yara match | File source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5541.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5538.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5543.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5551.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5535, type: MEMORYSTR

      Remote Access Functionality

Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5538, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5541, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5543, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5549, type: MEMORYSTR
Source: Yara match | File source: 5535.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5549.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5541.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5538.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5543.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: 5551.1.00007fc3d400a000.00007fc3d4010000.r-x.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: xd.ppc.elf PID: 5535, type: MEMORYSTR
MITRE ATT&CK Matrix (one line per tactic; the three techniques are the three matrix rows; bracketed numbers are the counters the report shows beside matched techniques)

Tactic | Row 1 | Row 2 | Row 3
Reconnaissance | Gather Victim Identity Information | Credentials | Email Addresses
Resource Development | Acquire Infrastructure | Domains | DNS Server
Initial Access | Valid Accounts | Default Accounts | Domain Accounts
Execution | Windows Management Instrumentation | Scheduled Task/Job | At
Persistence | Path Interception | Boot or Logon Initialization Scripts | Logon Script (Windows)
Privilege Escalation | Path Interception | Boot or Logon Initialization Scripts | Logon Script (Windows)
Defense Evasion | Obfuscated Files or Information [11] | File Deletion [1] | Obfuscated Files or Information
Credential Access | OS Credential Dumping [1] | LSASS Memory | Security Account Manager
Discovery | Security Software Discovery [11] | File and Directory Discovery [1] | System Information Discovery [1]
Lateral Movement | Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares
Collection | Data from Local System | Data from Removable Media | Data from Network Shared Drive
Command and Control | Non-Standard Port [1] | Junk Data | Steganography
Exfiltration | Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration
Impact | Service Stop [1] | Network Denial of Service | Data Encrypted for Impact
      No configs have been found
Behavior Graph (ID: 1655048, Sample: xd.ppc.elf, Start date: 02/04/2025, Architecture: LINUX, Score: 96)

Network: 160.66.190.44 port 23 (WOODYNET-2US, Italy); 165.129.237.79 port 23 (WISCNET1-ASUS, United States); 98 other IPs or domains
Signatures on the sample: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures
Processes started: xd.ppc.elf; gvfsd-fuse fusermount; systemd journalctl; 20 other processes
  xd.ppc.elf -> started three xd.ppc.elf child processes
    first child: Sample tries to kill multiple processes (SIGKILL); Sample deletes itself
    second child -> started three further xd.ppc.elf processes
  gvfsd-fuse fusermount: Sample reads /proc/mounts (often used for finding a writable filesystem)
Source | Detection | Scanner | Label
xd.ppc.elf | 42% | ReversingLabs | Linux.Trojan.Mirai
xd.ppc.elf | 100% | Avira | EXP/ELF.Agent.F.118
      No Antivirus matches


      No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | xd.ppc.elf | false | - | high
        No context
        Process:/usr/bin/pulseaudio
        File Type:ASCII text
        Category:dropped
        Size (bytes):10
        Entropy (8bit):2.9219280948873623
        Encrypted:false
        SSDEEP:3:5bkPn:pkP
        MD5:FF001A15CE15CF062A3704CEA2991B5F
        SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
        SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
        SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:auto_null.
        Process:/usr/bin/pulseaudio
        File Type:ASCII text
        Category:dropped
        Size (bytes):18
        Entropy (8bit):3.4613201402110088
        Encrypted:false
        SSDEEP:3:5bkrIZsXvn:pkckv
        MD5:28FE6435F34B3367707BB1C5D5F6B430
        SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
        SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
        SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:auto_null.monitor.
        Process:/usr/bin/pulseaudio
        File Type:ASCII text
        Category:dropped
        Size (bytes):5
        Entropy (8bit):2.321928094887362
        Encrypted:false
        SSDEEP:3:Gr:Gr
        MD5:49E82F49CB12D6DB2DF01A1F73755197
        SHA1:87C66D094192DB4C6218B45FCD344EABE643AC2C
        SHA-256:C182E121FFD239A31C071904CCB32CFAC9E3E9ECF2286984907FA47675CEFC67
        SHA-512:5A3DFEB15F2BF01FDBA88DF474EC5C7BCB53DA473990DB24CDEC4D8A16273F5C62C8D4E597EA45EFDA5D57D1E8AB00694023FCBE9C210BEB04B9F6E57E8BE60E
        Malicious:false
        Reputation:low
        Preview:5648.
        File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
        Entropy (8bit):7.934918202762253
        TrID:
        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
        File name:xd.ppc.elf
        File size:28'264 bytes
        MD5:b7aed42101a9225eb026a87e0e75d8e6
        SHA1:8c63259e173abbb9e658d31d8d72292b19b43326
        SHA256:c01bd36ab1677f86b8700fc03f090c1cdafbf3687558a43ad68a3ad47fb54245
        SHA512:5c3724abaaf9534a17bc3a9ba9eea01941fc5c366b036e20ec3358b5aca2950c7832240af5df18ff72e6fa0fbffd45a17c7c92992b7879c4a6dce4f64d809857
        SSDEEP:768:QxfbzmLjERNLNZYhKJwReEzOWkCp7FZd4uVcqgw0+nn:8S8NmmbEqxCrZd4u+qgw0+n
        TLSH:C2C2E120E1C4A659D6DF62F638C18661B770071357A2C955F38D9F209723A30F92AEFC
        File Content Preview:.ELF......................[....4.........4. ...(......................mh..mh........................................dt.Q.............................?..UPX!...........X...X.......Q.......?.E.h4...@b.............[GnE..M.........#...s_[..........F.......DKP

        ELF header

        Class:ELF32
        Data:2's complement, big endian
        Version:1 (current)
        Machine:PowerPC
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - Linux
        ABI Version:0
        Entry Point Address:0x105b80
        Flags:0x0
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:0
        Section Header Size:40
        Number of Section Headers:0
        Header String Table Index:0
        Type      | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align   | Prog Interpreter | Section Mappings
        LOAD      | 0x0    | 0x100000        | 0x100000         | 0x6d68    | 0x6d68      | 7.9381  | 0x5   | R E               | 0x10000 |                  |
        LOAD      | 0x704  | 0x10010704      | 0x10010704       | 0x0       | 0x0         | 0.0000  | 0x6   | RW                | 0x10000 |                  |
        GNU_STACK | 0x0    | 0x0             | 0x0              | 0x0       | 0x0         | 0.0000  | 0x6   | RW                | 0x4     |                  |
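The header and segment table above are what the report's packing-related findings are computed from: no section headers (shoff/shnum 0), one executable LOAD segment whose file size (0x6d68) is almost the whole 28'264-byte file, entropy near 8.0 in that segment, and the "UPX!" tag visible in the content preview. The following is an added example, not Joe Sandbox code, that parses an ELF32 header and its program headers and applies those same heuristics. The image it runs on is constructed to reproduce the header values listed above; the segment body is pseudo-random filler plus a "UPX!" tag, not the real sample's bytes.

```python
"""Added example (not Joe Sandbox code): parse an ELF32 header and program
headers, then apply the packing heuristics behind the report's findings."""
import math
import random
import struct
from collections import Counter

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EM_PPC = 20


def shannon_entropy(data: bytes) -> float:
    """Bits per byte on the 0.0..8.0 scale the report's 'Entropy (8bit)' uses."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_elf32(blob: bytes) -> dict:
    """Decode the ELF32 header and program headers, honouring EI_DATA so both
    little- and big-endian (this sample is MSB PowerPC) images parse."""
    if blob[:4] != ELF_MAGIC or blob[4] != 1:          # EI_CLASS 1 == ELF32
        raise ValueError("not an ELF32 image")
    endian = ">" if blob[5] == 2 else "<"              # EI_DATA 2 == big endian
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, e_shnum, _shstrndx) = struct.unpack_from(
        endian + "HHIIIIIHHHHHH", blob, 16)
    phdrs = []
    for i in range(e_phnum):
        p_type, p_off, p_vaddr, _paddr, p_filesz, p_memsz, p_flags, p_align = \
            struct.unpack_from(endian + "8I", blob, e_phoff + i * e_phentsize)
        phdrs.append({"type": p_type, "offset": p_off, "vaddr": p_vaddr,
                      "filesz": p_filesz, "memsz": p_memsz, "flags": p_flags,
                      "align": p_align,
                      "entropy": shannon_entropy(blob[p_off:p_off + p_filesz])})
    return {"type": e_type, "machine": e_machine, "entry": e_entry,
            "shoff": e_shoff, "shnum": e_shnum, "phdrs": phdrs}


def packing_indicators(blob: bytes) -> dict:
    """The checks behind 'no section mappings', 'high entropy' and 'UPX' findings.
    Any one alone is weak evidence; all of them together is a packed static binary."""
    elf = parse_elf32(blob)
    loads = [p for p in elf["phdrs"] if p["type"] == PT_LOAD and p["filesz"] > 0]
    single_rx = (len(loads) == 1
                 and bool(loads[0]["flags"] & PF_X)
                 and not loads[0]["flags"] & PF_W)
    return {
        "no_section_headers": elf["shnum"] == 0 and elf["shoff"] == 0,
        "single_rx_load": single_rx,
        "load_covers_file": bool(loads) and loads[0]["offset"] == 0
                            and loads[0]["filesz"] >= 0.9 * len(blob),
        "high_entropy_code": any(p["entropy"] > 7.0 for p in loads),
        "upx_marker": b"UPX!" in blob,
    }


def build_sample() -> bytes:
    """Constructed ELF32 MSB PowerPC image reproducing the report's header values
    (entry 0x105b80, phoff 52, three phdrs, shoff/shnum 0, LOAD of 0x6d68 bytes
    at 0x100000).  Body is pseudo-random filler with a 'UPX!' tag, NOT the sample."""
    code_size = 0x6D68
    ident = ELF_MAGIC + bytes([1, 2, 1, 3, 0]) + b"\0" * 7   # ELF32, MSB, v1, GNU/Linux ABI
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH",
                               2, EM_PPC, 1, 0x105B80, 52, 0, 0, 52, 32, 3, 40, 0, 0)
    phdrs = (struct.pack(">8I", PT_LOAD, 0, 0x100000, 0x100000, code_size, code_size, PF_R | PF_X, 0x10000)
             + struct.pack(">8I", PT_LOAD, 0x704, 0x10010704, 0x10010704, 0, 0, PF_R | PF_W, 0x10000)
             + struct.pack(">8I", PT_GNU_STACK, 0, 0, 0, 0, 0, PF_R | PF_W, 4))
    head = ehdr + phdrs + b"UPX!"
    rng = random.Random(1655048)                        # deterministic filler
    filler = bytes(rng.getrandbits(8) for _ in range(code_size - len(head)))
    return head + filler


if __name__ == "__main__":
    sample = build_sample()
    info = parse_elf32(sample)
    print(f"machine={info['machine']} entry=0x{info['entry']:x} "
          f"phnum={len(info['phdrs'])} shnum={info['shnum']}")
    for p in info["phdrs"]:
        print(f"  type=0x{p['type']:x} off=0x{p['offset']:x} vaddr=0x{p['vaddr']:x} "
              f"filesz=0x{p['filesz']:x} flags=0x{p['flags']:x} entropy={p['entropy']:.4f}")
    print(packing_indicators(sample))
```

Entropy alone is not a packer verdict: encrypted configuration blobs and compressed resources in benign binaries score just as high, so the function reports the indicators separately and leaves the combination to the analyst. As a sanity check of the entropy routine against the report itself, the 5-byte PID file written by pulseaudio (five distinct bytes) scores log2(5) = 2.3219, which is exactly the value listed for it further up.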


        • Total Packets: 299
        • 7887 (no registered service)
        • 23 (Telnet)
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Apr 2, 2025 22:19:30.606215000 CEST | 33674 | 7887 | 192.168.2.15 | 213.209.129.92
        Apr 2, 2025 22:19:30.616646051 CEST | 8392 | 23 | 192.168.2.15 | 96.126.204.193
        Apr 2, 2025 22:19:30.616756916 CEST | 8392 | 23 | 192.168.2.15 | 255.33.56.11
        Apr 2, 2025 22:19:30.616781950 CEST | 8392 | 23 | 192.168.2.15 | 103.36.196.56
        Apr 2, 2025 22:19:30.616786957 CEST | 8392 | 23 | 192.168.2.15 | 223.102.172.9
        Apr 2, 2025 22:19:30.616835117 CEST | 8392 | 23 | 192.168.2.15 | 54.117.121.146
        Apr 2, 2025 22:19:30.616842985 CEST | 8392 | 23 | 192.168.2.15 | 31.165.19.183
        Apr 2, 2025 22:19:30.616903067 CEST | 8392 | 23 | 192.168.2.15 | 95.175.83.89
        Apr 2, 2025 22:19:30.616918087 CEST | 8392 | 23 | 192.168.2.15 | 75.79.182.179
        Apr 2, 2025 22:19:30.616925001 CEST | 8392 | 23 | 192.168.2.15 | 77.38.129.162
        Apr 2, 2025 22:19:30.617026091 CEST | 8392 | 23 | 192.168.2.15 | 84.5.52.195
        Apr 2, 2025 22:19:30.617038012 CEST | 8392 | 23 | 192.168.2.15 | 101.81.175.175
        Apr 2, 2025 22:19:30.617094040 CEST | 8392 | 23 | 192.168.2.15 | 163.115.168.90
        Apr 2, 2025 22:19:30.618396044 CEST | 8392 | 23 | 192.168.2.15 | 211.189.239.55
        Apr 2, 2025 22:19:30.618439913 CEST | 8392 | 23 | 192.168.2.15 | 27.208.250.185
        Apr 2, 2025 22:19:30.618524075 CEST | 8392 | 23 | 192.168.2.15 | 144.94.74.242
        Apr 2, 2025 22:19:30.618537903 CEST | 8392 | 23 | 192.168.2.15 | 84.60.66.156
        Apr 2, 2025 22:19:30.618617058 CEST | 8392 | 23 | 192.168.2.15 | 147.18.146.46
        Apr 2, 2025 22:19:30.618628025 CEST | 8392 | 23 | 192.168.2.15 | 102.137.18.199
        Apr 2, 2025 22:19:30.618639946 CEST | 8392 | 23 | 192.168.2.15 | 223.143.211.148
        Apr 2, 2025 22:19:30.618662119 CEST | 8392 | 23 | 192.168.2.15 | 200.128.62.10
        Apr 2, 2025 22:19:30.618663073 CEST | 8392 | 23 | 192.168.2.15 | 240.85.182.112
        Apr 2, 2025 22:19:30.618664980 CEST | 8392 | 23 | 192.168.2.15 | 41.154.135.214
        Apr 2, 2025 22:19:30.618710041 CEST | 8392 | 23 | 192.168.2.15 | 169.112.0.146
        Apr 2, 2025 22:19:30.618746042 CEST | 8392 | 23 | 192.168.2.15 | 78.174.151.222
        Apr 2, 2025 22:19:30.618762970 CEST | 8392 | 23 | 192.168.2.15 | 170.97.38.108
        Apr 2, 2025 22:19:30.618783951 CEST | 8392 | 23 | 192.168.2.15 | 2.177.135.98
        Apr 2, 2025 22:19:30.618814945 CEST | 8392 | 23 | 192.168.2.15 | 71.163.182.86
        Apr 2, 2025 22:19:30.618837118 CEST | 8392 | 23 | 192.168.2.15 | 196.235.233.251
        Apr 2, 2025 22:19:30.618860960 CEST | 8392 | 23 | 192.168.2.15 | 209.196.77.33
        Apr 2, 2025 22:19:30.618870020 CEST | 8392 | 23 | 192.168.2.15 | 163.92.62.187
        Apr 2, 2025 22:19:30.618885040 CEST | 8392 | 23 | 192.168.2.15 | 85.40.186.21
        Apr 2, 2025 22:19:30.618912935 CEST | 8392 | 23 | 192.168.2.15 | 38.9.225.154
        Apr 2, 2025 22:19:30.618927002 CEST | 8392 | 23 | 192.168.2.15 | 209.231.222.246
        Apr 2, 2025 22:19:30.618930101 CEST | 8392 | 23 | 192.168.2.15 | 101.104.125.125
        Apr 2, 2025 22:19:30.618951082 CEST | 8392 | 23 | 192.168.2.15 | 27.146.146.90
        Apr 2, 2025 22:19:30.618968964 CEST | 8392 | 23 | 192.168.2.15 | 206.225.137.28
        Apr 2, 2025 22:19:30.618974924 CEST | 8392 | 23 | 192.168.2.15 | 122.58.67.17
        Apr 2, 2025 22:19:30.619009972 CEST | 8392 | 23 | 192.168.2.15 | 166.158.69.196
        Apr 2, 2025 22:19:30.619050026 CEST | 8392 | 23 | 192.168.2.15 | 217.136.184.104
        Apr 2, 2025 22:19:30.619050026 CEST | 8392 | 23 | 192.168.2.15 | 115.22.186.155
        Apr 2, 2025 22:19:30.619124889 CEST | 8392 | 23 | 192.168.2.15 | 245.6.236.51
        Apr 2, 2025 22:19:30.619138002 CEST | 8392 | 23 | 192.168.2.15 | 220.172.205.65
        Apr 2, 2025 22:19:30.619203091 CEST | 8392 | 23 | 192.168.2.15 | 172.105.220.30
        Apr 2, 2025 22:19:30.619215012 CEST | 8392 | 23 | 192.168.2.15 | 217.49.69.133
        Apr 2, 2025 22:19:30.619220972 CEST | 8392 | 23 | 192.168.2.15 | 125.71.221.68
        Apr 2, 2025 22:19:30.619287014 CEST | 8392 | 23 | 192.168.2.15 | 139.240.220.87
        Apr 2, 2025 22:19:30.619292021 CEST | 8392 | 23 | 192.168.2.15 | 247.241.85.206
        Apr 2, 2025 22:19:30.619405985 CEST | 8392 | 23 | 192.168.2.15 | 155.109.205.91
        Apr 2, 2025 22:19:30.619477034 CEST | 8392 | 23 | 192.168.2.15 | 117.130.163.112
        Apr 2, 2025 22:19:30.619517088 CEST | 8392 | 23 | 192.168.2.15 | 87.192.8.116
        Apr 2, 2025 22:19:30.619539022 CEST | 8392 | 23 | 192.168.2.15 | 216.106.163.145
        Apr 2, 2025 22:19:30.619560003 CEST | 8392 | 23 | 192.168.2.15 | 220.18.191.119
        Apr 2, 2025 22:19:30.619565010 CEST | 8392 | 23 | 192.168.2.15 | 105.228.196.255
        Apr 2, 2025 22:19:30.619587898 CEST | 8392 | 23 | 192.168.2.15 | 163.133.217.14
        Apr 2, 2025 22:19:30.619600058 CEST | 8392 | 23 | 192.168.2.15 | 8.24.88.126
        Apr 2, 2025 22:19:30.619659901 CEST | 8392 | 23 | 192.168.2.15 | 164.42.31.199
        Apr 2, 2025 22:19:30.619677067 CEST | 8392 | 23 | 192.168.2.15 | 34.233.250.229
        Apr 2, 2025 22:19:30.619699001 CEST | 8392 | 23 | 192.168.2.15 | 17.208.6.28
        Apr 2, 2025 22:19:30.619707108 CEST | 8392 | 23 | 192.168.2.15 | 116.190.65.128
        Apr 2, 2025 22:19:30.619795084 CEST | 8392 | 23 | 192.168.2.15 | 37.82.128.184
        Apr 2, 2025 22:19:30.619810104 CEST | 8392 | 23 | 192.168.2.15 | 62.108.193.56
        Apr 2, 2025 22:19:30.619843006 CEST | 8392 | 23 | 192.168.2.15 | 91.18.65.116
        Apr 2, 2025 22:19:30.619853973 CEST | 8392 | 23 | 192.168.2.15 | 253.225.216.4
        Apr 2, 2025 22:19:30.619873047 CEST | 8392 | 23 | 192.168.2.15 | 179.175.6.229
        Apr 2, 2025 22:19:30.619883060 CEST | 8392 | 23 | 192.168.2.15 | 165.129.237.79
        Apr 2, 2025 22:19:30.619966030 CEST | 8392 | 23 | 192.168.2.15 | 161.75.19.75
        Apr 2, 2025 22:19:30.620016098 CEST | 8392 | 23 | 192.168.2.15 | 145.32.88.117
        Apr 2, 2025 22:19:30.620027065 CEST | 8392 | 23 | 192.168.2.15 | 24.31.94.126
        Apr 2, 2025 22:19:30.620033026 CEST | 8392 | 23 | 192.168.2.15 | 90.169.144.41
        Apr 2, 2025 22:19:30.620054007 CEST | 8392 | 23 | 192.168.2.15 | 14.249.252.58
        Apr 2, 2025 22:19:30.620065928 CEST | 8392 | 23 | 192.168.2.15 | 37.113.219.201
        Apr 2, 2025 22:19:30.620074987 CEST | 8392 | 23 | 192.168.2.15 | 241.166.68.4
        Apr 2, 2025 22:19:30.620078087 CEST | 8392 | 23 | 192.168.2.15 | 18.178.87.29
        Apr 2, 2025 22:19:30.620093107 CEST | 8392 | 23 | 192.168.2.15 | 181.78.27.141
        Apr 2, 2025 22:19:30.620157003 CEST | 8392 | 23 | 192.168.2.15 | 157.182.29.159
        Apr 2, 2025 22:19:30.620194912 CEST | 8392 | 23 | 192.168.2.15 | 160.66.190.44
        Apr 2, 2025 22:19:30.620215893 CEST | 8392 | 23 | 192.168.2.15 | 194.163.203.40
        Apr 2, 2025 22:19:30.620218992 CEST | 8392 | 23 | 192.168.2.15 | 195.52.80.179
        Apr 2, 2025 22:19:30.620224953 CEST | 8392 | 23 | 192.168.2.15 | 182.107.194.133
        Apr 2, 2025 22:19:30.620260954 CEST | 8392 | 23 | 192.168.2.15 | 101.195.171.150
        Apr 2, 2025 22:19:30.620260954 CEST | 8392 | 23 | 192.168.2.15 | 179.248.207.224
        Apr 2, 2025 22:19:30.620269060 CEST | 8392 | 23 | 192.168.2.15 | 95.248.127.244
        Apr 2, 2025 22:19:30.620310068 CEST | 8392 | 23 | 192.168.2.15 | 80.117.43.74
        Apr 2, 2025 22:19:30.620311022 CEST | 8392 | 23 | 192.168.2.15 | 34.244.84.244
        Apr 2, 2025 22:19:30.620353937 CEST | 8392 | 23 | 192.168.2.15 | 160.182.118.192
        Apr 2, 2025 22:19:30.620363951 CEST | 8392 | 23 | 192.168.2.15 | 252.15.36.45
        Apr 2, 2025 22:19:30.620378017 CEST | 8392 | 23 | 192.168.2.15 | 32.54.67.208
        Apr 2, 2025 22:19:30.620383978 CEST | 8392 | 23 | 192.168.2.15 | 179.30.22.54
        Apr 2, 2025 22:19:30.620404959 CEST | 8392 | 23 | 192.168.2.15 | 36.97.158.10
        Apr 2, 2025 22:19:30.620404959 CEST | 8392 | 23 | 192.168.2.15 | 18.167.225.218
        Apr 2, 2025 22:19:30.620431900 CEST | 8392 | 23 | 192.168.2.15 | 57.180.184.43
        Apr 2, 2025 22:19:30.620446920 CEST | 8392 | 23 | 192.168.2.15 | 254.247.100.98
        Apr 2, 2025 22:19:30.621850967 CEST | 8392 | 23 | 192.168.2.15 | 138.3.207.206
        Apr 2, 2025 22:19:30.621869087 CEST | 8392 | 23 | 192.168.2.15 | 115.229.46.125
        Apr 2, 2025 22:19:30.621876955 CEST | 8392 | 23 | 192.168.2.15 | 14.66.106.161
        Apr 2, 2025 22:19:30.621891022 CEST | 8392 | 23 | 192.168.2.15 | 189.41.70.72
        Apr 2, 2025 22:19:30.621912003 CEST | 8392 | 23 | 192.168.2.15 | 245.214.84.163
        Apr 2, 2025 22:19:30.621926069 CEST | 8392 | 23 | 192.168.2.15 | 252.194.246.240
        Apr 2, 2025 22:19:30.621965885 CEST | 8392 | 23 | 192.168.2.15 | 148.215.198.74
        Apr 2, 2025 22:19:30.622059107 CEST | 8392 | 23 | 192.168.2.15 | 67.67.220.17
        Apr 2, 2025 22:19:30.622059107 CEST | 8392 | 23 | 192.168.2.15 | 194.66.19.86
        Apr 2, 2025 22:19:30.622060061 CEST | 8392 | 23 | 192.168.2.15 | 166.87.66.74
        Apr 2, 2025 22:19:30.622061014 CEST | 8392 | 23 | 192.168.2.15 | 197.54.224.93
        Apr 2, 2025 22:19:30.622060061 CEST | 8392 | 23 | 192.168.2.15 | 246.91.9.89
        Apr 2, 2025 22:19:30.622061014 CEST | 8392 | 23 | 192.168.2.15 | 77.90.2.51
        Apr 2, 2025 22:19:30.622065067 CEST | 8392 | 23 | 192.168.2.15 | 121.12.6.87
        Apr 2, 2025 22:19:30.622076988 CEST | 8392 | 23 | 192.168.2.15 | 196.68.94.138
        Apr 2, 2025 22:19:30.622088909 CEST | 8392 | 23 | 192.168.2.15 | 153.147.230.251
        Apr 2, 2025 22:19:30.622129917 CEST | 8392 | 23 | 192.168.2.15 | 174.93.36.108
        Apr 2, 2025 22:19:30.622144938 CEST | 8392 | 23 | 192.168.2.15 | 66.240.83.125
        Apr 2, 2025 22:19:30.622155905 CEST | 8392 | 23 | 192.168.2.15 | 194.182.233.75
        Apr 2, 2025 22:19:30.622170925 CEST | 8392 | 23 | 192.168.2.15 | 209.9.113.51
        Apr 2, 2025 22:19:30.622230053 CEST | 8392 | 23 | 192.168.2.15 | 2.79.60.46
        Apr 2, 2025 22:19:30.622281075 CEST | 8392 | 23 | 192.168.2.15 | 110.54.52.231
        Apr 2, 2025 22:19:30.622282028 CEST | 8392 | 23 | 192.168.2.15 | 67.75.73.121
        Apr 2, 2025 22:19:30.622282028 CEST | 8392 | 23 | 192.168.2.15 | 149.86.104.109
        Apr 2, 2025 22:19:30.622308016 CEST | 8392 | 23 | 192.168.2.15 | 188.131.3.225
        Apr 2, 2025 22:19:30.622312069 CEST | 8392 | 23 | 192.168.2.15 | 38.64.168.169
        Apr 2, 2025 22:19:30.622330904 CEST | 8392 | 23 | 192.168.2.15 | 12.81.107.152
        Apr 2, 2025 22:19:30.622519970 CEST | 8392 | 23 | 192.168.2.15 | 44.14.187.46
        Apr 2, 2025 22:19:30.622525930 CEST | 8392 | 23 | 192.168.2.15 | 242.26.185.195
        Apr 2, 2025 22:19:30.622530937 CEST | 8392 | 23 | 192.168.2.15 | 38.201.187.154
        Apr 2, 2025 22:19:30.622531891 CEST | 8392 | 23 | 192.168.2.15 | 57.234.61.234
        Apr 2, 2025 22:19:30.622553110 CEST | 8392 | 23 | 192.168.2.15 | 60.132.16.138
        Apr 2, 2025 22:19:30.622556925 CEST | 8392 | 23 | 192.168.2.15 | 223.80.230.126
        Apr 2, 2025 22:19:30.622626066 CEST | 8392 | 23 | 192.168.2.15 | 245.91.143.235
        Apr 2, 2025 22:19:30.622628927 CEST | 8392 | 23 | 192.168.2.15 | 63.106.211.239
        Apr 2, 2025 22:19:30.622670889 CEST | 8392 | 23 | 192.168.2.15 | 98.165.94.27
        Apr 2, 2025 22:19:30.622678995 CEST | 8392 | 23 | 192.168.2.15 | 169.80.16.103
        Apr 2, 2025 22:19:30.622679949 CEST | 8392 | 23 | 192.168.2.15 | 167.159.89.55
        Apr 2, 2025 22:19:30.622682095 CEST | 8392 | 23 | 192.168.2.15 | 200.8.160.172
        Apr 2, 2025 22:19:30.622682095 CEST | 8392 | 23 | 192.168.2.15 | 166.50.157.255
        Apr 2, 2025 22:19:30.622682095 CEST | 8392 | 23 | 192.168.2.15 | 37.122.208.131
        Apr 2, 2025 22:19:30.622694016 CEST | 8392 | 23 | 192.168.2.15 | 4.156.18.205
        Apr 2, 2025 22:19:30.622694969 CEST | 8392 | 23 | 192.168.2.15 | 46.174.42.43
        Apr 2, 2025 22:19:30.622697115 CEST | 8392 | 23 | 192.168.2.15 | 85.7.160.241
        Apr 2, 2025 22:19:30.622699976 CEST | 8392 | 23 | 192.168.2.15 | 69.239.95.188
        Apr 2, 2025 22:19:30.622750998 CEST | 8392 | 23 | 192.168.2.15 | 185.48.141.69
        Apr 2, 2025 22:19:30.622791052 CEST | 8392 | 23 | 192.168.2.15 | 99.91.189.74
        Apr 2, 2025 22:19:30.622795105 CEST | 8392 | 23 | 192.168.2.15 | 58.23.181.62
        Apr 2, 2025 22:19:30.622795105 CEST | 8392 | 23 | 192.168.2.15 | 190.150.2.65
        Apr 2, 2025 22:19:30.622999907 CEST | 8392 | 23 | 192.168.2.15 | 168.234.38.89
        Apr 2, 2025 22:19:30.623049021 CEST | 8392 | 23 | 192.168.2.15 | 177.91.116.25
        Apr 2, 2025 22:19:30.623060942 CEST | 8392 | 23 | 192.168.2.15 | 253.222.219.61
        Apr 2, 2025 22:19:30.623060942 CEST | 8392 | 23 | 192.168.2.15 | 58.75.130.112
        Apr 2, 2025 22:19:30.623060942 CEST | 8392 | 23 | 192.168.2.15 | 244.55.128.95
        Apr 2, 2025 22:19:30.623060942 CEST | 8392 | 23 | 192.168.2.15 | 20.66.132.149
        Apr 2, 2025 22:19:30.623066902 CEST | 8392 | 23 | 192.168.2.15 | 31.17.150.198
        Apr 2, 2025 22:19:31.608274937 CEST | 33674 | 7887 | 192.168.2.15 | 213.209.129.92
        Apr 2, 2025 22:19:31.624677896 CEST | 8392 | 23 | 192.168.2.15 | 163.29.82.25
        Apr 2, 2025 22:19:31.624677896 CEST | 8392 | 23 | 192.168.2.15 | 100.34.245.130
        Apr 2, 2025 22:19:31.624681950 CEST | 8392 | 23 | 192.168.2.15 | 8.71.226.192
        Apr 2, 2025 22:19:31.624677896 CEST | 8392 | 23 | 192.168.2.15 | 105.218.224.13
        Apr 2, 2025 22:19:31.624681950 CEST | 8392 | 23 | 192.168.2.15 | 96.179.225.224
        Apr 2, 2025 22:19:31.624681950 CEST | 8392 | 23 | 192.168.2.15 | 206.85.23.113
        Apr 2, 2025 22:19:31.624703884 CEST | 8392 | 23 | 192.168.2.15 | 149.151.207.207
        Apr 2, 2025 22:19:31.624747992 CEST | 8392 | 23 | 192.168.2.15 | 198.179.82.144
        Apr 2, 2025 22:19:31.624752045 CEST | 8392 | 23 | 192.168.2.15 | 19.236.83.17
        Apr 2, 2025 22:19:31.624752045 CEST | 8392 | 23 | 192.168.2.15 | 197.108.77.248
        Apr 2, 2025 22:19:31.624752045 CEST | 8392 | 23 | 192.168.2.15 | 114.200.80.156
        Apr 2, 2025 22:19:31.624752045 CEST | 8392 | 23 | 192.168.2.15 | 180.43.154.192
        Apr 2, 2025 22:19:31.624764919 CEST | 8392 | 23 | 192.168.2.15 | 47.169.16.144
        Apr 2, 2025 22:19:31.624788046 CEST | 8392 | 23 | 192.168.2.15 | 165.161.30.110
        Apr 2, 2025 22:19:31.624840975 CEST | 8392 | 23 | 192.168.2.15 | 207.54.227.46
        Apr 2, 2025 22:19:31.624857903 CEST | 8392 | 23 | 192.168.2.15 | 116.9.111.138
        Apr 2, 2025 22:19:31.624861956 CEST | 8392 | 23 | 192.168.2.15 | 72.164.153.218
        Apr 2, 2025 22:19:31.624871969 CEST | 8392 | 23 | 192.168.2.15 | 185.6.4.254
        Apr 2, 2025 22:19:31.624871969 CEST | 8392 | 23 | 192.168.2.15 | 126.129.157.224
        Apr 2, 2025 22:19:31.624871969 CEST | 8392 | 23 | 192.168.2.15 | 145.146.224.26
        Apr 2, 2025 22:19:31.624871969 CEST | 8392 | 23 | 192.168.2.15 | 138.240.208.64
        Apr 2, 2025 22:19:31.624882936 CEST | 8392 | 23 | 192.168.2.15 | 255.189.184.39
        Apr 2, 2025 22:19:31.624937057 CEST | 8392 | 23 | 192.168.2.15 | 84.34.142.96
        Apr 2, 2025 22:19:31.624937057 CEST | 8392 | 23 | 192.168.2.15 | 85.187.9.56
        Apr 2, 2025 22:19:31.624937057 CEST | 8392 | 23 | 192.168.2.15 | 184.122.226.74
        Apr 2, 2025 22:19:31.624948978 CEST | 8392 | 23 | 192.168.2.15 | 216.134.58.41
        Apr 2, 2025 22:19:31.624963999 CEST | 8392 | 23 | 192.168.2.15 | 71.233.209.186
        Apr 2, 2025 22:19:31.624979019 CEST | 8392 | 23 | 192.168.2.15 | 38.94.34.14
        Apr 2, 2025 22:19:31.625005960 CEST | 8392 | 23 | 192.168.2.15 | 156.153.35.220
        Apr 2, 2025 22:19:31.625006914 CEST | 8392 | 23 | 192.168.2.15 | 90.110.162.64
        Apr 2, 2025 22:19:31.625008106 CEST | 8392 | 23 | 192.168.2.15 | 37.94.0.197
        Apr 2, 2025 22:19:31.625008106 CEST | 8392 | 23 | 192.168.2.15 | 173.137.219.175
        Apr 2, 2025 22:19:31.625030994 CEST | 8392 | 23 | 192.168.2.15 | 192.117.95.206
        Apr 2, 2025 22:19:31.625045061 CEST | 8392 | 23 | 192.168.2.15 | 126.5.59.31
        Apr 2, 2025 22:19:31.625067949 CEST | 8392 | 23 | 192.168.2.15 | 130.172.239.180
        Apr 2, 2025 22:19:31.625112057 CEST | 8392 | 23 | 192.168.2.15 | 146.42.108.59
        Apr 2, 2025 22:19:31.625114918 CEST | 8392 | 23 | 192.168.2.15 | 195.63.156.67
        Apr 2, 2025 22:19:31.625117064 CEST | 8392 | 23 | 192.168.2.15 | 142.78.153.193
        Apr 2, 2025 22:19:31.625118017 CEST | 8392 | 23 | 192.168.2.15 | 67.224.0.87
        Apr 2, 2025 22:19:31.625118017 CEST | 8392 | 23 | 192.168.2.15 | 101.144.169.143
        Apr 2, 2025 22:19:31.625118017 CEST | 8392 | 23 | 192.168.2.15 | 66.127.42.166
        Apr 2, 2025 22:19:31.625165939 CEST | 8392 | 23 | 192.168.2.15 | 78.227.116.111
        Apr 2, 2025 22:19:31.625165939 CEST | 8392 | 23 | 192.168.2.15 | 218.237.226.160
        Apr 2, 2025 22:19:31.625166893 CEST | 8392 | 23 | 192.168.2.15 | 119.155.147.20
        Apr 2, 2025 22:19:31.625166893 CEST | 8392 | 23 | 192.168.2.15 | 39.38.159.10
        Apr 2, 2025 22:19:31.625170946 CEST | 8392 | 23 | 192.168.2.15 | 136.52.105.129
        Apr 2, 2025 22:19:31.625174999 CEST | 8392 | 23 | 192.168.2.15 | 240.83.151.95
        Apr 2, 2025 22:19:31.625194073 CEST | 8392 | 23 | 192.168.2.15 | 103.66.76.95
        Apr 2, 2025 22:19:31.625216007 CEST | 8392 | 23 | 192.168.2.15 | 24.16.82.233
        Apr 2, 2025 22:19:31.625219107 CEST | 8392 | 23 | 192.168.2.15 | 204.183.56.145
        Apr 2, 2025 22:19:31.625219107 CEST | 8392 | 23 | 192.168.2.15 | 243.87.170.199
        Apr 2, 2025 22:19:31.625233889 CEST | 8392 | 23 | 192.168.2.15 | 202.4.23.45
        Apr 2, 2025 22:19:31.625243902 CEST | 8392 | 23 | 192.168.2.15 | 53.80.108.103
        Apr 2, 2025 22:19:31.625243902 CEST | 8392 | 23 | 192.168.2.15 | 184.131.111.125
        Apr 2, 2025 22:19:31.625243902 CEST | 8392 | 23 | 192.168.2.15 | 14.213.70.224
        Apr 2, 2025 22:19:31.625243902 CEST | 8392 | 23 | 192.168.2.15 | 42.175.145.183
        Apr 2, 2025 22:19:31.625243902 CEST | 8392 | 23 | 192.168.2.15 | 209.93.44.27
        Apr 2, 2025 22:19:31.625243902 CEST | 8392 | 23 | 192.168.2.15 | 78.95.129.236
        Apr 2, 2025 22:19:31.625253916 CEST | 8392 | 23 | 192.168.2.15 | 68.166.164.74
        Apr 2, 2025 22:19:31.625279903 CEST | 8392 | 23 | 192.168.2.15 | 117.124.159.231
        Apr 2, 2025 22:19:31.625287056 CEST | 8392 | 23 | 192.168.2.15 | 9.220.202.219
        Apr 2, 2025 22:19:31.625322104 CEST | 8392 | 23 | 192.168.2.15 | 84.173.149.200
        Apr 2, 2025 22:19:31.625322104 CEST | 8392 | 23 | 192.168.2.15 | 24.115.218.245
        Apr 2, 2025 22:19:31.625323057 CEST | 8392 | 23 | 192.168.2.15 | 64.63.148.26
        Apr 2, 2025 22:19:31.625324011 CEST | 8392 | 23 | 192.168.2.15 | 43.232.165.126
        Apr 2, 2025 22:19:31.625324011 CEST | 8392 | 23 | 192.168.2.15 | 63.6.206.170
        Apr 2, 2025 22:19:31.625324011 CEST | 8392 | 23 | 192.168.2.15 | 222.227.17.7
        Apr 2, 2025 22:19:31.625339031 CEST | 8392 | 23 | 192.168.2.15 | 36.93.16.22
        Apr 2, 2025 22:19:31.625345945 CEST | 8392 | 23 | 192.168.2.15 | 217.142.200.164
        Apr 2, 2025 22:19:31.625375986 CEST | 8392 | 23 | 192.168.2.15 | 85.2.179.245
        Apr 2, 2025 22:19:31.625380039 CEST | 8392 | 23 | 192.168.2.15 | 162.88.138.204
        Apr 2, 2025 22:19:31.625391960 CEST | 8392 | 23 | 192.168.2.15 | 70.165.167.128
        Apr 2, 2025 22:19:31.625425100 CEST | 8392 | 23 | 192.168.2.15 | 94.137.177.105
        Apr 2, 2025 22:19:31.625427961 CEST | 8392 | 23 | 192.168.2.15 | 198.234.172.66
        Apr 2, 2025 22:19:31.625435114 CEST | 8392 | 23 | 192.168.2.15 | 187.73.214.207
        Apr 2, 2025 22:19:31.625442028 CEST | 8392 | 23 | 192.168.2.15 | 218.232.74.163
        Apr 2, 2025 22:19:31.625459909 CEST | 8392 | 23 | 192.168.2.15 | 189.250.210.67
        Apr 2, 2025 22:19:31.625459909 CEST | 8392 | 23 | 192.168.2.15 | 72.1.23.132
        Apr 2, 2025 22:19:31.625459909 CEST | 8392 | 23 | 192.168.2.15 | 95.187.95.233
        Apr 2, 2025 22:19:31.625479937 CEST | 8392 | 23 | 192.168.2.15 | 106.204.8.165
        Apr 2, 2025 22:19:31.625497103 CEST | 8392 | 23 | 192.168.2.15 | 157.40.145.150
        Apr 2, 2025 22:19:31.625499010 CEST | 8392 | 23 | 192.168.2.15 | 2.210.144.244
        Apr 2, 2025 22:19:31.625509024 CEST | 8392 | 23 | 192.168.2.15 | 175.74.171.43
        Apr 2, 2025 22:19:31.625520945 CEST | 8392 | 23 | 192.168.2.15 | 123.98.245.0
        Apr 2, 2025 22:19:31.625539064 CEST | 8392 | 23 | 192.168.2.15 | 142.189.90.116
        Apr 2, 2025 22:19:31.625539064 CEST | 8392 | 23 | 192.168.2.15 | 61.39.97.195
        Apr 2, 2025 22:19:31.625539064 CEST | 8392 | 23 | 192.168.2.15 | 245.97.207.123
        Apr 2, 2025 22:19:31.625562906 CEST | 8392 | 23 | 192.168.2.15 | 13.138.219.2
        Apr 2, 2025 22:19:31.625570059 CEST | 8392 | 23 | 192.168.2.15 | 27.32.110.24
        Apr 2, 2025 22:19:31.625581980 CEST | 8392 | 23 | 192.168.2.15 | 116.239.202.177
        Apr 2, 2025 22:19:31.625581980 CEST | 8392 | 23 | 192.168.2.15 | 78.65.229.24
        Apr 2, 2025 22:19:31.625581980 CEST | 8392 | 23 | 192.168.2.15 | 156.48.237.51
        Apr 2, 2025 22:19:31.625583887 CEST | 8392 | 23 | 192.168.2.15 | 242.93.68.70
        Apr 2, 2025 22:19:31.625607014 CEST | 8392 | 23 | 192.168.2.15 | 174.201.55.165
        Apr 2, 2025 22:19:31.625621080 CEST | 8392 | 23 | 192.168.2.15 | 23.220.117.246
        Apr 2, 2025 22:19:31.625632048 CEST | 8392 | 23 | 192.168.2.15 | 219.17.112.227
        Apr 2, 2025 22:19:31.625633955 CEST | 8392 | 23 | 192.168.2.15 | 240.11.174.97
        Apr 2, 2025 22:19:31.625650883 CEST | 8392 | 23 | 192.168.2.15 | 174.150.122.92
        Apr 2, 2025 22:19:31.625654936 CEST | 8392 | 23 | 192.168.2.15 | 42.227.50.107
        Apr 2, 2025 22:19:31.625654936 CEST | 8392 | 23 | 192.168.2.15 | 222.185.162.225
        Apr 2, 2025 22:19:31.625654936 CEST | 8392 | 23 | 192.168.2.15 | 83.144.249.243
        Apr 2, 2025 22:19:31.625669956 CEST | 8392 | 23 | 192.168.2.15 | 17.102.52.61
        Apr 2, 2025 22:19:31.625680923 CEST | 8392 | 23 | 192.168.2.15 | 219.41.195.202
        Apr 2, 2025 22:19:31.625684977 CEST | 8392 | 23 | 192.168.2.15 | 59.152.50.52
        Apr 2, 2025 22:19:31.625684977 CEST | 8392 | 23 | 192.168.2.15 | 124.98.39.102
        Apr 2, 2025 22:19:31.625684977 CEST | 8392 | 23 | 192.168.2.15 | 172.200.223.114
        Apr 2, 2025 22:19:31.625684977 CEST | 8392 | 23 | 192.168.2.15 | 32.233.13.100
        Apr 2, 2025 22:19:31.625703096 CEST | 8392 | 23 | 192.168.2.15 | 240.143.99.143
        Apr 2, 2025 22:19:31.625705957 CEST | 8392 | 23 | 192.168.2.15 | 204.230.71.26
        Apr 2, 2025 22:19:31.625719070 CEST | 8392 | 23 | 192.168.2.15 | 173.29.237.70
        Apr 2, 2025 22:19:31.625724077 CEST | 8392 | 23 | 192.168.2.15 | 12.27.95.3
        Apr 2, 2025 22:19:31.625725031 CEST | 8392 | 23 | 192.168.2.15 | 99.182.134.173
        Apr 2, 2025 22:19:31.625724077 CEST | 8392 | 23 | 192.168.2.15 | 201.61.137.47
        Apr 2, 2025 22:19:31.625724077 CEST | 8392 | 23 | 192.168.2.15 | 218.193.128.110
        Apr 2, 2025 22:19:31.625740051 CEST | 8392 | 23 | 192.168.2.15 | 88.82.92.51
        Apr 2, 2025 22:19:31.625746965 CEST | 8392 | 23 | 192.168.2.15 | 255.249.199.223
        Apr 2, 2025 22:19:31.625751019 CEST | 8392 | 23 | 192.168.2.15 | 217.11.172.154
        Apr 2, 2025 22:19:31.625752926 CEST | 8392 | 23 | 192.168.2.15 | 196.228.94.244
        Apr 2, 2025 22:19:31.625752926 CEST | 8392 | 23 | 192.168.2.15 | 59.26.31.131
        Apr 2, 2025 22:19:31.625762939 CEST | 8392 | 23 | 192.168.2.15 | 203.153.1.56
        Apr 2, 2025 22:19:31.625776052 CEST | 8392 | 23 | 192.168.2.15 | 200.61.27.70
        Apr 2, 2025 22:19:31.625781059 CEST | 8392 | 23 | 192.168.2.15 | 209.215.135.149
        Apr 2, 2025 22:19:31.625782013 CEST | 8392 | 23 | 192.168.2.15 | 88.144.146.121
        Apr 2, 2025 22:19:31.625794888 CEST | 8392 | 23 | 192.168.2.15 | 168.147.103.22
        Apr 2, 2025 22:19:31.625799894 CEST | 8392 | 23 | 192.168.2.15 | 92.28.115.73
        Apr 2, 2025 22:19:31.625801086 CEST | 8392 | 23 | 192.168.2.15 | 217.154.101.221
        Apr 2, 2025 22:19:31.625801086 CEST | 8392 | 23 | 192.168.2.15 | 70.114.70.229
        Apr 2, 2025 22:19:31.625801086 CEST | 8392 | 23 | 192.168.2.15 | 18.63.140.226
        Apr 2, 2025 22:19:31.625827074 CEST | 8392 | 23 | 192.168.2.15 | 119.214.28.80
        Apr 2, 2025 22:19:31.625827074 CEST | 8392 | 23 | 192.168.2.15 | 217.61.88.193
        Apr 2, 2025 22:19:31.625827074 CEST | 8392 | 23 | 192.168.2.15 | 99.77.95.130
        Apr 2, 2025 22:19:31.628269911 CEST | 8392 | 23 | 192.168.2.15 | 116.62.200.175
        Apr 2, 2025 22:19:31.628276110 CEST | 8392 | 23 | 192.168.2.15 | 154.79.133.113
        Apr 2, 2025 22:19:31.628276110 CEST | 8392 | 23 | 192.168.2.15 | 5.148.183.134
        Apr 2, 2025 22:19:31.628276110 CEST | 8392 | 23 | 192.168.2.15 | 191.132.97.42
        Apr 2, 2025 22:19:31.628276110 CEST | 8392 | 23 | 192.168.2.15 | 210.115.31.134
        Apr 2, 2025 22:19:31.628276110 CEST | 8392 | 23 | 192.168.2.15 | 190.136.251.97
        Apr 2, 2025 22:19:31.628336906 CEST | 8392 | 23 | 192.168.2.15 | 158.133.190.164
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 44.36.24.235
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 89.250.199.10
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 246.124.14.70
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 247.135.249.97
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 192.83.19.198
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 159.201.179.127
        Apr 2, 2025 22:19:31.628338099 CEST | 8392 | 23 | 192.168.2.15 | 113.39.89.121
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 182.96.31.133
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 93.163.112.100
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 250.239.138.22
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 187.69.184.43
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 19.27.222.207
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 165.90.196.230
        Apr 2, 2025 22:19:31.628365993 CEST | 8392 | 23 | 192.168.2.15 | 62.196.39.109
        Apr 2, 2025 22:19:31.834605932 CEST | 7887 | 33674 | 213.209.129.92 | 192.168.2.15

        Timestamp | Source IP | Dest IP | Checksum | Code | Type
        Apr 2, 2025 22:21:18.040993929 CEST | 192.168.2.15 | 192.168.2.1 | 827b | (Port unreachable) | Destination Unreachable
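The TCP table above shows the two behaviours a network analyst would want to alert on: a burst of roughly 150 SYNs per second to TCP/23, all from one host, all with the same source port 8392 (a raw-socket scanner, not a normal connect() loop), interleaved with a once-per-second connect to 213.209.129.92:7887 that the remote side answers. A fair share of the scan targets also fall in 240.0.0.0/4, which is IETF-reserved and never routable, so the bot's random address generator does not exclude bogon space. The code below is an added example, not Joe Sandbox code, that runs those three checks over rows of the table (the rows are copied from it, the selection and the pipe-separated layout are ours).

```python
"""Added example, not part of the Joe Sandbox report: detection logic over rows
of the TCP table.  (1) one source opening TCP/23 to many distinct hosts inside
one second, (2) a repeated outbound connect to one host on a non-service port,
(3) scan destinations in IETF-reserved (240.0.0.0/4) space."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Rows copied from the report's table, 'timestamp | sport | dport | src | dst'.
# The selection (two C2 connects, the reply, ten scan SYNs) is ours.
SAMPLE_ROWS = [
    "Apr 2, 2025 22:19:30.606215000 CEST | 33674 | 7887 | 192.168.2.15 | 213.209.129.92",
    "Apr 2, 2025 22:19:30.616646051 CEST | 8392 | 23 | 192.168.2.15 | 96.126.204.193",
    "Apr 2, 2025 22:19:30.616756916 CEST | 8392 | 23 | 192.168.2.15 | 255.33.56.11",
    "Apr 2, 2025 22:19:30.616781950 CEST | 8392 | 23 | 192.168.2.15 | 103.36.196.56",
    "Apr 2, 2025 22:19:30.616786957 CEST | 8392 | 23 | 192.168.2.15 | 223.102.172.9",
    "Apr 2, 2025 22:19:30.616835117 CEST | 8392 | 23 | 192.168.2.15 | 54.117.121.146",
    "Apr 2, 2025 22:19:30.616842985 CEST | 8392 | 23 | 192.168.2.15 | 31.165.19.183",
    "Apr 2, 2025 22:19:30.616903067 CEST | 8392 | 23 | 192.168.2.15 | 95.175.83.89",
    "Apr 2, 2025 22:19:30.616918087 CEST | 8392 | 23 | 192.168.2.15 | 75.79.182.179",
    "Apr 2, 2025 22:19:30.616925001 CEST | 8392 | 23 | 192.168.2.15 | 77.38.129.162",
    "Apr 2, 2025 22:19:30.618663073 CEST | 8392 | 23 | 192.168.2.15 | 240.85.182.112",
    "Apr 2, 2025 22:19:31.608274937 CEST | 33674 | 7887 | 192.168.2.15 | 213.209.129.92",
    "Apr 2, 2025 22:19:31.834605932 CEST | 7887 | 33674 | 213.209.129.92 | 192.168.2.15",
]

LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")   # the sandbox LAN in this report
KNOWN_PORTS = frozenset({22, 23, 25, 53, 80, 123, 443})  # assumed allow-list


class Flow(NamedTuple):
    ts: datetime
    sport: int
    dport: int
    src: str
    dst: str


def parse_row(line: str) -> Flow:
    """'Apr 2, 2025 22:19:30.606215000 CEST | 33674 | 7887 | a | b' -> Flow.
    strptime's %f accepts at most six digits, so the nanosecond tail is cut."""
    ts_text, sport, dport, src, dst = (f.strip() for f in line.split("|"))
    stamp, _tz = ts_text.rsplit(" ", 1)
    date_part, clock = stamp.rsplit(" ", 1)
    hms, frac = clock.split(".")
    ts = datetime.strptime(f"{date_part} {hms}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")
    return Flow(ts, int(sport), int(dport), src, dst)


def detect_telnet_scan(flows: List[Flow], min_targets: int = 8,
                       window: timedelta = timedelta(seconds=1)) -> Dict[str, int]:
    """src -> largest number of distinct TCP/23 destinations seen inside one window."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if f.dport == 23:
            by_src[f.src].append(f)
    hits: Dict[str, int] = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        lo = 0
        for hi in range(len(fl)):
            while fl[hi].ts - fl[lo].ts > window:     # slide the window's left edge
                lo += 1
            distinct = len({f.dst for f in fl[lo:hi + 1]})
            if distinct >= min_targets:
                hits[src] = max(hits.get(src, 0), distinct)
    return hits


def detect_beacons(flows: List[Flow], min_hits: int = 2) -> List[dict]:
    """Outbound connects from LOCAL_NET to one (dst, dport) outside KNOWN_PORTS,
    repeated; reports the mean gap so a steady interval stands out."""
    groups: Dict[tuple, List[datetime]] = defaultdict(list)
    for f in flows:
        if ipaddress.ip_address(f.src) in LOCAL_NET and f.dport not in KNOWN_PORTS:
            groups[(f.dst, f.dport)].append(f.ts)
    out = []
    for (dst, dport), stamps in groups.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        out.append({"dst": dst, "dport": dport, "count": len(stamps),
                    "mean_gap_s": sum(gaps) / len(gaps)})
    return out


def reserved_targets(flows: List[Flow]) -> List[str]:
    """Destinations in 240.0.0.0/4: unroutable, so they can only come from a
    random address generator that does not skip bogon space."""
    return sorted({f.dst for f in flows if ipaddress.ip_address(f.dst).is_reserved})


def analyse(rows: List[str]) -> dict:
    flows = [parse_row(r) for r in rows]
    return {"scanners": detect_telnet_scan(flows),
            "beacons": detect_beacons(flows),
            "reserved_targets": reserved_targets(flows)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_ROWS).items():
        print(key, value)
```

On the full table the scanner check fires with well over a hundred distinct destinations per second; the threshold of eight is only low so the thirteen-row sample trips it. The beacon check deliberately looks only at flows leaving LOCAL_NET, otherwise the server's reply (source port 7887 to the bot's ephemeral port 33674) would be reported as a second, spurious beacon.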

        System Behavior

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:/tmp/xd.ppc.elf
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:-
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:-
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:-
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:-
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:-
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:29
        Start date (UTC):02/04/2025
        Path:/tmp/xd.ppc.elf
        Arguments:-
        File size:5388968 bytes
        MD5 hash:ae65271c943d3451b7f026d1fadccea6

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/bin/journalctl
        Arguments:/usr/bin/journalctl --smart-relinquish-var
        File size:80120 bytes
        MD5 hash:bf3a987344f3bacafc44efd882abda8b

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:42
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/sbin/gdm3
        Arguments:-
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/sbin/gdm3
        Arguments:-
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/usr/sbin/gdm3
        Arguments:-
        File size:453296 bytes
        MD5 hash:2492e2d8d34f9377e3e530a61a15674f

        Start time (UTC):20:19:55
        Start date (UTC):02/04/2025
        Path:/etc/gdm3/PrimeOff/Default
        Arguments:/etc/gdm3/PrimeOff/Default
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        Start time (UTC):20:19:56
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:56
        Start date (UTC):02/04/2025
        Path:/usr/bin/pulseaudio
        Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
        File size:100832 bytes
        MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

        Start time (UTC):20:19:56
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:56
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:19:56
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):20:20:02
        Start date (UTC):02/04/2025
        Path:/usr/libexec/gvfsd-fuse
        Arguments:-
        File size:47632 bytes
        MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

        Start time (UTC):20:20:02
        Start date (UTC):02/04/2025
        Path:/bin/fusermount
        Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
        File size:39144 bytes
        MD5 hash:576a1b135c82bdcbc97a91acea900566

        Start time (UTC):20:21:32
        Start date (UTC):02/04/2025
        Path:/usr/lib/systemd/systemd (deleted)
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75
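The last process entry above carries the "(deleted)" suffix, which the kernel appends to the target of /proc/<pid>/exe once the file backing a running process has been unlinked. That same suffix is how a bot that removes its own file right after launch shows up on a live host, so checking for it is a cheap triage step. The following is an added example, not Joe Sandbox code: it walks a /proc tree for processes running from deleted files, and ships with a constructed stand-in tree so it runs offline (the PIDs and paths in that tree are illustrative only).

```python
"""Added example, not part of the Joe Sandbox report: find processes whose
executable has been unlinked, via the ' (deleted)' suffix on /proc/<pid>/exe."""
import os
import re
import tempfile
from typing import Dict, Optional

DELETED_SUFFIX = re.compile(r" \(deleted\)$")


def exe_target(proc_root: str, pid: str) -> Optional[str]:
    """readlink(/proc/<pid>/exe); None for kernel threads and for processes we
    lack permission to inspect (run as root for a complete picture)."""
    try:
        return os.readlink(os.path.join(proc_root, pid, "exe"))
    except OSError:
        return None


def find_deleted_exes(proc_root: str = "/proc") -> Dict[str, str]:
    """pid -> original path of the now-deleted executable."""
    hits: Dict[str, str] = {}
    for pid in sorted(os.listdir(proc_root)):
        if not pid.isdigit():                      # skip /proc/self, /proc/sys, ...
            continue
        target = exe_target(proc_root, pid)
        if target and DELETED_SUFFIX.search(target):
            hits[pid] = DELETED_SUFFIX.sub("", target)
    return hits


def build_fake_proc() -> str:
    """Constructed stand-in for /proc: three fake processes, one running from a
    file that no longer exists.  PIDs and paths are illustrative only."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, target in {"1": "/usr/lib/systemd/systemd",
                        "5535": "/tmp/xd.ppc.elf (deleted)",
                        "5600": "/usr/bin/pulseaudio"}.items():
        os.makedirs(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))   # dangling link is fine
    os.makedirs(os.path.join(root, "self"))        # non-numeric entry, must be skipped
    return root


if __name__ == "__main__":
    print(find_deleted_exes(build_fake_proc()))    # {'5535': '/tmp/xd.ppc.elf'}
    # On a live host: print(find_deleted_exes())
```

Two caveats for live use. A binary replaced by a package upgrade while its old instance keeps running shows the same suffix, so treat hits as leads rather than verdicts. And as long as the process is alive the unlinked image is still recoverable, because the kernel keeps the inode until the last reference drops: copying /proc/<pid>/exe (the link target is gone, but the open file it points to is readable) yields the original bytes for hashing and analysis.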