Linux Analysis Report
xd.mpsl.elf

Overview

General Information

Sample name:xd.mpsl.elf
Analysis ID:1655055
MD5:0a450ed1af6d7859d660cb5493e5ca88
SHA1:bc664793ae8b447fa7297e99c6e04ccb4a02bd96
SHA256:5139565baf80cdd3a237fbf73d787096cf0ef7f41a32eb8af7b20383fd9efab7
Tags:elf, user-abuse_ch

Detection

Mirai
Score:100
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Deletes log files
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (legend: clean, suspicious, malicious)
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1655055
Start date and time:2025-04-02 22:23:37 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:xd.mpsl.elf
Detection:MAL
Classification:mal100.spre.troj.evad.linELF@0/16@0/0
  • Connection to analysis system has been lost, crash info: Unknown
  • system is lnxubuntu20
  • systemd New Fork (PID: 5466, Parent: 1)
  • journalctl (PID: 5466, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5480, Parent: 1)
  • systemd New Fork (PID: 5481, Parent: 1)
  • systemd New Fork (PID: 5482, Parent: 1)
  • systemd New Fork (PID: 5483, Parent: 1)
  • systemd New Fork (PID: 5484, Parent: 1)
  • systemd New Fork (PID: 5539, Parent: 1)
  • systemd New Fork (PID: 5540, Parent: 1)
  • systemd New Fork (PID: 5543, Parent: 1)
  • systemd New Fork (PID: 5545, Parent: 1)
  • systemd New Fork (PID: 5546, Parent: 1)
  • systemd New Fork (PID: 5547, Parent: 1)
  • systemd New Fork (PID: 5548, Parent: 1)
  • systemd New Fork (PID: 5549, Parent: 2935)
  • pulseaudio (PID: 5549, Parent: 2935, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 5550, Parent: 1400)
  • Default (PID: 5550, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5551, Parent: 1400)
  • Default (PID: 5551, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5552, Parent: 1400)
  • Default (PID: 5552, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5553, Parent: 1)
  • systemd New Fork (PID: 5555, Parent: 1)
  • systemd New Fork (PID: 5556, Parent: 1)
  • systemd New Fork (PID: 5558, Parent: 1)
  • gpu-manager (PID: 5558, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5559, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5560, Parent: 5559)
      • grep (PID: 5560, Parent: 5559, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5561, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5562, Parent: 5561)
      • grep (PID: 5562, Parent: 5561, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5563, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5564, Parent: 5563)
      • grep (PID: 5564, Parent: 5563, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5565, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5566, Parent: 5565)
      • grep (PID: 5566, Parent: 5565, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5567, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5568, Parent: 5567)
      • grep (PID: 5568, Parent: 5567, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5569, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5570, Parent: 5569)
      • grep (PID: 5570, Parent: 5569, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5571, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5572, Parent: 5571)
      • grep (PID: 5572, Parent: 5571, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5573, Parent: 5558, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5574, Parent: 5573)
      • grep (PID: 5574, Parent: 5573, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5575, Parent: 1)
  • generate-config (PID: 5575, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5576, Parent: 5575, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • gdm-wait-for-drm (PID: 5577, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • fusermount (PID: 5578, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • dash New Fork (PID: 5582, Parent: 3578)
  • rm (PID: 5582, Parent: 3578, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.06jbdO8dPm /tmp/tmp.0Tm9n5dnO5 /tmp/tmp.2hKiLMWhVp
  • dash New Fork (PID: 5583, Parent: 3578)
  • rm (PID: 5583, Parent: 3578, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.06jbdO8dPm /tmp/tmp.0Tm9n5dnO5 /tmp/tmp.2hKiLMWhVp
  • gdm3 (PID: 5584, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • gpu-manager (PID: 5604, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5614, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5624, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5634, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • gpu-manager (PID: 5644, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • plymouth (PID: 5654, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit
  • cleanup
Name:Mirai
Description:Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, Rule: JoeSecurity_Mirai_5, Description: Yara detected Mirai, Author: Joe Security
Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_ea92cca8, Description: unknown, Author: unknown
        • 0x140b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
        No Suricata rule has matched

        AV Detection

        Source: xd.mpsl.elf, Avira: detected
        Source: xd.mpsl.elf, ReversingLabs: Detection: 47%
        Source: /usr/bin/pulseaudio (PID: 5549), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5576), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: global traffic, TCP traffic: 192.168.2.13:52644 -> 213.209.129.92:7887
        Source: /tmp/xd.mpsl.elf (PID: 5434), Socket: 0.0.0.0:23
        Source: /tmp/xd.mpsl.elf (PID: 5434), Socket: 0.0.0.0:0
        Source: /tmp/xd.mpsl.elf (PID: 5434), Socket: 0.0.0.0:80
        Source: /tmp/xd.mpsl.elf (PID: 5434), Socket: 0.0.0.0:81
        Source: /tmp/xd.mpsl.elf (PID: 5434), Socket: 0.0.0.0:8443
        Source: /tmp/xd.mpsl.elf (PID: 5434), Socket: 0.0.0.0:9009
        Source: unknown, TCP traffic detected without corresponding DNS query: 213.209.129.92
        Source: xd.mpsl.elf, String found in binary or memory: http://upx.sf.net
        Source: unknown, Network traffic detected: HTTP traffic on port 57216 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 57216

        System Summary

        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5436, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5436, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5438, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5438, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5442, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5442, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5446, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5446, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5449, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: xd.mpsl.elf PID: 5449, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 936, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 490, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 726, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 727, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 765, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 767, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 778, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 780, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 783, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 790, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 792, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 793, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 795, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 800, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 1410, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 1411, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 1432, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 2935, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 2936, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 2970, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 3069, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 3132, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 5275, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 5417, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 5418, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 5549, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5434), SIGKILL sent: pid: 5584, result: successful
        Source: /tmp/xd.mpsl.elf (PID: 5438), SIGKILL sent: pid: -5438, result: unknown
        Source: LOAD without section mappings, Program segment: 0x100000
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
        Source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5436, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5436, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5438, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5438, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5442, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5442, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5446, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5446, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5449, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: xd.mpsl.elf PID: 5449, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engine Classification label: mal100.spre.troj.evad.linELF@0/16@0/0

        Data Obfuscation

        Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

        Persistence and Installation Behavior

        Source: /bin/fusermount (PID: 5578) File: /proc/5578/mounts
        Source: /usr/bin/gpu-manager (PID: 5559)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5561)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5563)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5565)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5567)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5569)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5571)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"Jump to behavior
        Source: /usr/bin/gpu-manager (PID: 5573)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"Jump to behavior
        Source: /bin/sh (PID: 5560) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 5562) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 5564) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 5566) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 5568) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 5570) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /bin/sh (PID: 5572) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
        Source: /bin/sh (PID: 5574) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
        Source: /usr/share/gdm/generate-config (PID: 5576) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
        Source: /usr/bin/dash (PID: 5582) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.06jbdO8dPm /tmp/tmp.0Tm9n5dnO5 /tmp/tmp.2hKiLMWhVp
        Source: /usr/bin/dash (PID: 5583) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.06jbdO8dPm /tmp/tmp.0Tm9n5dnO5 /tmp/tmp.2hKiLMWhVp
        Source: /usr/sbin/gdm3 (PID: 5584) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
        Source: /usr/sbin/gdm3 (PID: 5584) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
        Source: /usr/bin/gpu-manager (PID: 5558) Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5604) Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5614) Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5624) Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5634) Log file created: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5644) Log file created: /var/log/gpu-manager.log

        Hooking and other Techniques for Hiding and Protection

        Source: /tmp/xd.mpsl.elf (PID: 5434) File: /usr/lib/systemd/systemd
        Source: /tmp/xd.mpsl.elf (PID: 5434) File: /usr/lib/systemd/systemd (deleted)
        Source: /tmp/xd.mpsl.elf (PID: 5434) File: /usr/bin/dash
        Source: /tmp/xd.mpsl.elf (PID: 5434) File: /usr/bin/pulseaudio
        Source: /tmp/xd.mpsl.elf (PID: 5434) File: /usr/sbin/gdm3
        Source: xd.mpsl.elf Submission file: segment LOAD with 7.9083 entropy (max. 8.0)
        Source: /usr/bin/gpu-manager (PID: 5558) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5604) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5614) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5624) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5634) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/gpu-manager (PID: 5644) Truncated file: /var/log/gpu-manager.log
        Source: /usr/bin/pulseaudio (PID: 5549) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5576) Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /tmp/xd.mpsl.elf (PID: 5432) Queries kernel information via 'uname':
        Source: /usr/bin/pulseaudio (PID: 5549) Queries kernel information via 'uname':
        Source: /usr/bin/gpu-manager (PID: 5558) Queries kernel information via 'uname':
        Source: /usr/bin/gpu-manager (PID: 5604) Queries kernel information via 'uname':
        Source: /usr/bin/gpu-manager (PID: 5614) Queries kernel information via 'uname':
        Source: /usr/bin/gpu-manager (PID: 5624) Queries kernel information via 'uname':
        Source: /usr/bin/gpu-manager (PID: 5634) Queries kernel information via 'uname':
        Source: /usr/bin/gpu-manager (PID: 5644) Queries kernel information via 'uname':
        Source: xd.mpsl.elf, 5432.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5436.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5438.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5442.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5446.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5449.1.00005557927f2000.0000555792879000.rw-.sdmpBinary or memory string: WU!/etc/qemu-binfmt/mipsel
        Source: xd.mpsl.elf, 5432.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5436.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5438.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5442.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5446.1.00005557927f2000.0000555792879000.rw-.sdmp, xd.mpsl.elf, 5449.1.00005557927f2000.0000555792879000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
        Source: xd.mpsl.elf, 5432.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5436.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5438.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5442.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5446.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5449.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/xd.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.mpsl.elf
        Source: xd.mpsl.elf, 5432.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5436.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5438.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5442.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5446.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmp, xd.mpsl.elf, 5449.1.00007ffdc5b4c000.00007ffdc5b6d000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel

        Stealing of Sensitive Information

        Source: Yara match File source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5436, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5438, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5442, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5446, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5449, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 5442.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5438.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5449.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5436.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5446.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5432.1.00007fba10400000.00007fba10416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5432, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5436, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5438, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5442, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5446, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: xd.mpsl.elf PID: 5449, type: MEMORYSTR
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
        Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
        Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
        Persistence: 1 Scripting; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Defense Evasion: 1 File and Directory Permissions Modification; 1 Disable or Modify Tools; 11 Obfuscated Files or Information; 1 Indicator Removal; 11 File Deletion
        Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
        Discovery: 11 Security Software Discovery; 1 File and Directory Discovery; 1 System Information Discovery; System Network Configuration Discovery; Internet Connection Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
        Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
        Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol; Protocol Impersonation; Fallback Channels
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
        Impact: 1 Service Stop; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
        No configs have been found
        [Behavior graph: ID 1655055, Sample: xd.mpsl.elf, Startdate: 02/04/2025, Architecture: LINUX, Score: 100]
        Source | Detection | Scanner | Label | Link
        xd.mpsl.elf | 47% | ReversingLabs | Linux.Trojan.Mirai |
        xd.mpsl.elf | 100% | Avira | EXP/ELF.Agent.M.28 |
        No Antivirus matches

        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://upx.sf.net | xd.mpsl.elf | false | | high
          No context
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):10
          Entropy (8bit):2.9219280948873623
          Encrypted:false
          SSDEEP:3:5bkPn:pkP
          MD5:FF001A15CE15CF062A3704CEA2991B5F
          SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
          SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
          SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:auto_null.
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):18
          Entropy (8bit):3.4613201402110088
          Encrypted:false
          SSDEEP:3:5bkrIZsXvn:pkckv
          MD5:28FE6435F34B3367707BB1C5D5F6B430
          SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
          SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
          SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:auto_null.monitor.
          Process:/usr/sbin/gdm3
          File Type:ASCII text
          Category:dropped
          Size (bytes):5
          Entropy (8bit):1.9219280948873623
          Encrypted:false
          SSDEEP:3:FdJn:nJn
          MD5:531EC9267EFDC9B27A218411F60559B0
          SHA1:4B3852666367821A309AEE2D9B399354C9B18D5B
          SHA-256:0819FB915F438E87B3553B0E74D2EB4B873F1A9857824DEFA3CF77DD9F237BF6
          SHA-512:CE9712D908071E718EB4FEA775002FD2B20A4C1F109DA2059FD766079CF432223F05CAC59635B8C18A7552E1085C80B4387ED4F3248D9A4769F6936C41DDC70C
          Malicious:false
          Reputation:low
          Preview:5584.
          Process:/usr/bin/pulseaudio
          File Type:ASCII text
          Category:dropped
          Size (bytes):5
          Entropy (8bit):1.9219280948873623
          Encrypted:false
          SSDEEP:3:FRe:re
          MD5:1CA8DD7435C07B05CE29DFE438579AE5
          SHA1:59E8B3F00C71D6C4E8500A8B5A3E548507694804
          SHA-256:32308DC1BB41642AB1879D0B84ABD1BFBC9A9F333EE742008539BC42E4D6E964
          SHA-512:60A870B0D16E0873FCF8177F12483080982E45D6A2EFD0D29DAE255D7403CCC4D7BDB75158AEAF4B9F8E4ABDF5AC64A83E057BA8BE3FC66C84EFCD7DDC2EEE16
          Malicious:false
          Reputation:low
          Preview:5549.
          Process:/usr/bin/gpu-manager
          File Type:ASCII text
          Category:dropped
          Size (bytes):25
          Entropy (8bit):2.7550849518197795
          Encrypted:false
          SSDEEP:3:JoT/V9fDVbn:M/V3n
          MD5:078760523943E160756979906B85FB5E
          SHA1:0962643266F4C5537F7D125046F28F21D6DD0C89
          SHA-256:048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
          SHA-512:DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:15ad:0405;0000:00:0f:0;1.
          Process:/usr/bin/gpu-manager
          File Type:ASCII text
          Category:dropped
          Size (bytes):1371
          Entropy (8bit):4.8296848499188485
          Encrypted:false
          SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
          MD5:3AF77E630DA00B3BE24F4E8AA5D78B13
          SHA1:BCF2D99E002F6DE2413A183227B011CFBEF5673D
          SHA-256:EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
          SHA-512:8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
          File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
          Entropy (8bit):7.904969656800203
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:xd.mpsl.elf
          File size:32'032 bytes
          MD5:0a450ed1af6d7859d660cb5493e5ca88
          SHA1:bc664793ae8b447fa7297e99c6e04ccb4a02bd96
          SHA256:5139565baf80cdd3a237fbf73d787096cf0ef7f41a32eb8af7b20383fd9efab7
          SHA512:3449adc9c822f711c472e0eff786bfcce4510c838abd9e231b7fe45fe986dd20eb807a8ae1968338748969e40e23c00a8431abae3c26648d63b930126a800f8a
          SSDEEP:768:DsYsX5pv9AfHSOiGiH1MqM59bbfLXODdiCWY:4Ysfv6fXBqYbbfL+Ddb
          TLSH:61E2D0EF57451C91C9EE0CBE50AD06C4F924F1F222EC4B9ED71298CAE52C692FD490B4
          File Content Preview:.ELF.....................h..4...........4. ...(......................{...{..............Xk..XkE.XkE...................+.UPX!`........h...h......T..........?.E.h;....#......b.L#8..9I.N.5.K..N.-^.....q.):..pJ.........$....+y.r..W.qh......<U...d.............

          ELF header

          Class:ELF32
          Data:2's complement, little endian
          Version:1 (current)
          Machine:MIPS R3000
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x1068a0
          Flags:0x1007
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:2
          Section Header Offset:0
          Section Header Size:40
          Number of Section Headers:0
          Header String Table Index:0
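          | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
          |---|---|---|---|---|---|---|---|---|---|---|---|
          | LOAD | 0x0 | 0x100000 | 0x100000 | 0x7bdd | 0x7bdd | 7.9083 | 0x5 | R E | 0x10000 | | |
          | LOAD | 0x6b58 | 0x456b58 | 0x456b58 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | | |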


          • Total Packets: 155
          • 7887 undefined
          • 443 (HTTPS)
          • 23 (Telnet)
          | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
          |---|---|---|---|---|
          | Apr 2, 2025 22:24:24.505034924 CEST | 52644 | 7887 | 192.168.2.13 | 213.209.129.92 |
          | Apr 2, 2025 22:24:24.732568979 CEST | 7887 | 52644 | 213.209.129.92 | 192.168.2.13 |
          | Apr 2, 2025 22:24:32.755558014 CEST | 57216 | 443 | 192.168.2.13 | 54.247.62.1 |
          | Apr 2, 2025 22:24:56.452831030 CEST | 57216 | 443 | 192.168.2.13 | 54.247.62.1 |
          | Apr 2, 2025 22:24:56.630472898 CEST | 443 | 57216 | 54.247.62.1 | 192.168.2.13 |

          | Timestamp | Source IP | Dest IP | Checksum | Code | Type |
          |---|---|---|---|---|---|
          | Apr 2, 2025 22:24:52.938177109 CEST | 192.168.2.13 | 192.168.2.1 | 8279 | (Port unreachable) | Destination Unreachable |
          | Apr 2, 2025 22:26:12.961169004 CEST | 192.168.2.13 | 192.168.2.1 | 8279 | (Port unreachable) | Destination Unreachable |

          System Behavior

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:/tmp/xd.mpsl.elf
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:23
          Start date (UTC):02/04/2025
          Path:/tmp/xd.mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/bin/journalctl
          Arguments:/usr/bin/journalctl --smart-relinquish-var
          File size:80120 bytes
          MD5 hash:bf3a987344f3bacafc44efd882abda8b

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:35
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/bin/pulseaudio
          Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
          File size:100832 bytes
          MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/sbin/gdm3
          Arguments:-
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/sbin/gdm3
          Arguments:-
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/sbin/gdm3
          Arguments:-
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/etc/gdm3/PrimeOff/Default
          Arguments:/etc/gdm3/PrimeOff/Default
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:49
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:50
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:50
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/bin/sh
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:51
          Start date (UTC):02/04/2025
          Path:/usr/bin/grep
          Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
          File size:199136 bytes
          MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

          Start time (UTC):20:24:52
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:52
          Start date (UTC):02/04/2025
          Path:/usr/share/gdm/generate-config
          Arguments:/usr/share/gdm/generate-config
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:52
          Start date (UTC):02/04/2025
          Path:/usr/share/gdm/generate-config
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:52
          Start date (UTC):02/04/2025
          Path:/usr/bin/pkill
          Arguments:pkill --signal HUP --uid gdm dconf-service
          File size:30968 bytes
          MD5 hash:fa96a75a08109d8842e4865b2907d51f

          Start time (UTC):20:24:53
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:24:53
          Start date (UTC):02/04/2025
          Path:/usr/lib/gdm3/gdm-wait-for-drm
          Arguments:/usr/lib/gdm3/gdm-wait-for-drm
          File size:14640 bytes
          MD5 hash:82043ba752c6930b4e6aaea2f7747545

          Start time (UTC):20:24:54
          Start date (UTC):02/04/2025
          Path:/usr/libexec/gvfsd-fuse
          Arguments:-
          File size:47632 bytes
          MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

          Start time (UTC):20:24:54
          Start date (UTC):02/04/2025
          Path:/bin/fusermount
          Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
          File size:39144 bytes
          MD5 hash:576a1b135c82bdcbc97a91acea900566

          Start time (UTC):20:24:55
          Start date (UTC):02/04/2025
          Path:/usr/bin/dash
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:55
          Start date (UTC):02/04/2025
          Path:/usr/bin/rm
          Arguments:rm -f /tmp/tmp.06jbdO8dPm /tmp/tmp.0Tm9n5dnO5 /tmp/tmp.2hKiLMWhVp
          File size:72056 bytes
          MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

          Start time (UTC):20:24:55
          Start date (UTC):02/04/2025
          Path:/usr/bin/dash
          Arguments:-
          File size:129816 bytes
          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

          Start time (UTC):20:24:55
          Start date (UTC):02/04/2025
          Path:/usr/bin/rm
          Arguments:rm -f /tmp/tmp.06jbdO8dPm /tmp/tmp.0Tm9n5dnO5 /tmp/tmp.2hKiLMWhVp
          File size:72056 bytes
          MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/sbin/gdm3
          Arguments:/usr/sbin/gdm3
          File size:453296 bytes
          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:03
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:23
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:24
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:24
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:24
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:25
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:26
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:27
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:28
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:29
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:29
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:29
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:30
          Start date (UTC):02/04/2025
          Path:/usr/bin/gpu-manager
          Arguments:-
          File size:76616 bytes
          MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

          Start time (UTC):20:25:31
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:32
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):20:25:32
          Start date (UTC):02/04/2025
          Path:/bin/plymouth
          Arguments:/bin/plymouth quit
          File size:51352 bytes
          MD5 hash:87003efd8dad470042f5e75360a8f49f

          Start time (UTC):20:26:24
          Start date (UTC):02/04/2025
          Path:/usr/lib/systemd/systemd (deleted)
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75