Linux Analysis Report arm

Overview

General Information

Sample Name: arm
Analysis ID: 518884
MD5: b31e3180a6bf96af79f2b181a494d87f
SHA1: ff8adee220db2416071830ff02f8ea64e13bd4ef
SHA256: f693c8fe32d094d0b6ae8f4d68d8f98789d8c57e997b1f4ba0163587d150f27e
Tags: Mirai
Infos:

Detection

Mirai
Score: 84
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Reads system files that contain records of logged in users
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 518884
Start date: 10.11.2021
Start time: 03:44:01
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 10s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: arm
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal84.spre.troj.evad.lin@0/52@3/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5200, Parent: 4331)
  • cat (PID: 5200, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.0ZsCqe1shq
  • dash New Fork (PID: 5201, Parent: 4331)
  • head (PID: 5201, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5202, Parent: 4331)
  • tr (PID: 5202, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5203, Parent: 4331)
  • cut (PID: 5203, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5204, Parent: 4331)
  • cat (PID: 5204, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.0ZsCqe1shq
  • dash New Fork (PID: 5205, Parent: 4331)
  • head (PID: 5205, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5206, Parent: 4331)
  • tr (PID: 5206, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5207, Parent: 4331)
  • cut (PID: 5207, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5208, Parent: 4331)
  • rm (PID: 5208, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.0ZsCqe1shq /tmp/tmp.EYKo36YtKI /tmp/tmp.yzVwFZ13h1
  • arm (PID: 5255, Parent: 5105, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm
    • arm New Fork (PID: 5257, Parent: 5255)
    • arm New Fork (PID: 5259, Parent: 5255)
      • arm New Fork (PID: 5261, Parent: 5259)
      • arm New Fork (PID: 5264, Parent: 5259)
        • arm New Fork (PID: 5266, Parent: 5264)
  • systemd New Fork (PID: 5303, Parent: 1)
  • whoopsie (PID: 5303, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5316, Parent: 1)
  • sshd (PID: 5316, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5317, Parent: 1)
  • sshd (PID: 5317, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • gdm3 New Fork (PID: 5326, Parent: 1320)
  • Default (PID: 5326, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5329, Parent: 1320)
  • Default (PID: 5329, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5330, Parent: 1)
  • accounts-daemon (PID: 5330, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5348, Parent: 5330, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5349, Parent: 5348, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5350, Parent: 5349, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5351, Parent: 5350)
          • locale (PID: 5351, Parent: 5350, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5352, Parent: 5350)
          • grep (PID: 5352, Parent: 5350, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • gdm3 New Fork (PID: 5353, Parent: 1320)
  • gdm-session-worker (PID: 5353, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-wayland-session (PID: 5357, Parent: 5353, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • dbus-run-session (PID: 5360, Parent: 5357, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5361, Parent: 5360, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5367, Parent: 5361)
            • false (PID: 5368, Parent: 5367, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5370, Parent: 5361)
            • false (PID: 5371, Parent: 5370, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5372, Parent: 5361)
            • false (PID: 5373, Parent: 5372, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5374, Parent: 5361)
            • false (PID: 5375, Parent: 5374, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5376, Parent: 5361)
            • false (PID: 5377, Parent: 5376, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5378, Parent: 5361)
            • false (PID: 5379, Parent: 5378, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5381, Parent: 5361)
            • false (PID: 5382, Parent: 5381, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5362, Parent: 5360, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5362, Parent: 5360, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5383, Parent: 5362, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5384, Parent: 5362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5384, Parent: 5362, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 5411, Parent: 1320)
  • gdm-session-worker (PID: 5411, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 5416, Parent: 5411, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 5418, Parent: 5416, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 5418, Parent: 5416, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 5418, Parent: 5416, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 5428, Parent: 5418)
        • sh (PID: 5428, Parent: 5418, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5429, Parent: 5428)
          • xkbcomp (PID: 5429, Parent: 5428, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
        • Xorg New Fork (PID: 5872, Parent: 5418)
        • sh (PID: 5872, Parent: 5418, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5873, Parent: 5872)
          • xkbcomp (PID: 5873, Parent: 5872, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • Default (PID: 5462, Parent: 5416, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/Prime/Default
      • dbus-run-session (PID: 5463, Parent: 5416, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
        • dbus-daemon (PID: 5464, Parent: 5463, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
          • dbus-daemon New Fork (PID: 5520, Parent: 5464)
            • at-spi-bus-launcher (PID: 5521, Parent: 5520, MD5: 1563f274acd4e7ba530a55bdc4c95682) Arguments: /usr/libexec/at-spi-bus-launcher
              • dbus-daemon (PID: 5526, Parent: 5521, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                • dbus-daemon New Fork (PID: 5882, Parent: 5526)
                  • at-spi2-registryd (PID: 5883, Parent: 5882, MD5: 1d904c2693452edebc7ede3a9e24d440) Arguments: /usr/libexec/at-spi2-registryd --use-gnome-session
          • dbus-daemon New Fork (PID: 5549, Parent: 5464)
            • false (PID: 5550, Parent: 5549, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5552, Parent: 5464)
            • false (PID: 5553, Parent: 5552, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5554, Parent: 5464)
            • false (PID: 5555, Parent: 5554, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5556, Parent: 5464)
            • false (PID: 5557, Parent: 5556, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5558, Parent: 5464)
            • false (PID: 5559, Parent: 5558, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5560, Parent: 5464)
            • false (PID: 5561, Parent: 5560, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5563, Parent: 5464)
            • false (PID: 5564, Parent: 5563, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
          • dbus-daemon New Fork (PID: 5868, Parent: 5464)
            • ibus-portal (PID: 5869, Parent: 5868, MD5: 562ad55bd9a4d54bd7b76746b01e37d3) Arguments: /usr/libexec/ibus-portal
          • dbus-daemon New Fork (PID: 6091, Parent: 5464)
            • gjs (PID: 6092, Parent: 6091, MD5: 5f3eceb792bb65c22f23d1efb4fde3ad) Arguments: /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
          • dbus-daemon New Fork (PID: 6428, Parent: 5464)
            • false (PID: 6429, Parent: 6428, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • gnome-session (PID: 5467, Parent: 5463, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: gnome-session --autostart /usr/share/gdm/greeter/autostart
        • gnome-session-binary (PID: 5467, Parent: 5463, MD5: d9b90be4f7db60cb3c2d3da6a1d31bfb) Arguments: /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
          • session-migration (PID: 5565, Parent: 5467, MD5: 5227af42ebf14ac2fe2acddb002f68dc) Arguments: session-migration
          • sh (PID: 5566, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
          • gnome-shell (PID: 5566, Parent: 5467, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
            • ibus-daemon (PID: 5623, Parent: 5566, MD5: 1e00fb9860b198c73f6e364e3ff16f31) Arguments: ibus-daemon --panel disable --xim
              • ibus-memconf (PID: 5864, Parent: 5623, MD5: 523e939905910d06598e66385761a822) Arguments: /usr/libexec/ibus-memconf
              • ibus-daemon New Fork (PID: 5866, Parent: 5623)
                • ibus-x11 (PID: 5867, Parent: 1, MD5: 2aa1e54666191243814c2733d6992dbd) Arguments: /usr/libexec/ibus-x11 --kill-daemon
              • ibus-engine-simple (PID: 6133, Parent: 5623, MD5: 0238866d5e8802a0ce1b1b9af8cb1376) Arguments: /usr/libexec/ibus-engine-simple
          • sh (PID: 6110, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
          • gsd-sharing (PID: 6110, Parent: 5467, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
          • sh (PID: 6112, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
          • gsd-wacom (PID: 6112, Parent: 5467, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
          • sh (PID: 6114, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
          • gsd-color (PID: 6114, Parent: 5467, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
          • sh (PID: 6115, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
          • gsd-keyboard (PID: 6115, Parent: 5467, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
          • sh (PID: 6116, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
          • sh (PID: 6117, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
          • gsd-rfkill (PID: 6117, Parent: 5467, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
          • sh (PID: 6118, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
          • gsd-smartcard (PID: 6118, Parent: 5467, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
          • sh (PID: 6120, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
          • gsd-datetime (PID: 6120, Parent: 5467, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
          • sh (PID: 6121, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
          • gsd-media-keys (PID: 6121, Parent: 5467, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
          • sh (PID: 6126, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
          • gsd-screensaver-proxy (PID: 6126, Parent: 5467, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
          • sh (PID: 6128, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
          • gsd-sound (PID: 6128, Parent: 5467, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
          • sh (PID: 6130, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
          • gsd-a11y-settings (PID: 6130, Parent: 5467, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
          • sh (PID: 6134, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
          • gsd-housekeeping (PID: 6134, Parent: 5467, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
          • sh (PID: 6137, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
          • gsd-power (PID: 6137, Parent: 5467, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
          • sh (PID: 6978, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
          • spice-vdagent (PID: 6978, Parent: 5467, MD5: 80fb7f613aa78d1b8a229dbcf4577a9d) Arguments: /usr/bin/spice-vdagent
          • sh (PID: 6981, Parent: 5467, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
          • xbrlapi (PID: 6981, Parent: 5467, MD5: 0cfe25df39d38af32d6265ed947ca5b9) Arguments: xbrlapi -q
  • gdm3 New Fork (PID: 5412, Parent: 1320)
  • Default (PID: 5412, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5413, Parent: 1320)
  • Default (PID: 5413, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5421, Parent: 1320)
  • Default (PID: 5421, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5455, Parent: 1860)
  • pulseaudio (PID: 5455, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • fusermount (PID: 5471, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5487, Parent: 1)
  • systemd-user-runtime-dir (PID: 5487, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5591, Parent: 1)
  • systemd-localed (PID: 5591, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • systemd New Fork (PID: 5879, Parent: 1334)
  • pulseaudio (PID: 5879, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5884, Parent: 1)
  • geoclue (PID: 5884, Parent: 1, MD5: 30ac5455f3c598dde91dc87477fb19f7) Arguments: /usr/libexec/geoclue
  • systemd New Fork (PID: 6155, Parent: 1)
  • systemd-hostnamed (PID: 6155, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • systemd New Fork (PID: 6507, Parent: 1)
  • fprintd (PID: 6507, Parent: 1, MD5: b0d8829f05cd028529b84b061b660e84) Arguments: /usr/libexec/fprintd
  • systemd New Fork (PID: 6715, Parent: 1)
  • systemd-localed (PID: 6715, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • cleanup

Yara Overview

Initial Sample

Source: arm
Rule: SUSP_ELF_LNX_UPX_Compressed_File
Description: Detects a suspicious ELF binary with UPX compression
Author: Florian Roth
Strings:
  • 0x8e68:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x8ed7:$s2: $Id: UPX
  • 0x8e88:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: arm; Virustotal: Detection: 18%
    Source: arm; ReversingLabs: Detection: 15%
    Source: /usr/lib/xorg/Xorg (PID: 5418); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5468); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5527); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5536); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5566); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5455); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5879); Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: unknown; HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:36184 version: TLS 1.2

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Uses known network protocols on non-standard ports
    Source: unknown Network traffic detected: HTTP traffic on port 23
    Source: global traffic TCP traffic: 192.168.2.23:56100 -> 185.227.108.66:40485
    Source: /tmp/arm (PID: 5261) Socket: 0.0.0.0::23
    Source: /usr/sbin/sshd (PID: 5317) Socket: 0.0.0.0::22
    Source: /usr/sbin/sshd (PID: 5317) Socket: [::]::22
    Source: /usr/bin/dbus-daemon (PID: 5361) Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5362) Socket: <unknown socket type>:unknown
    Source: /usr/lib/xorg/Xorg (PID: 5418) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5464) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5526) Socket: <unknown socket type>:unknown
    Source: /usr/libexec/gnome-session-binary (PID: 5467) Socket: <unknown socket type>:unknown
    Source: /usr/bin/ibus-daemon (PID: 5623) Socket: <unknown socket type>:unknown
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36184
    Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 36184 -> 443
    Source: unknown TCP traffic detected without corresponding DNS query
    Source: arm String found in binary or memory: http://upx.sf.net
    Source: Xorg.0.log.104.dr String found in binary or memory: http://wiki.x.org
    Source: Xorg.0.log.104.dr String found in binary or memory: http://www.ubuntu.com/support)
    Source: motd-news.17.dr String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation
    Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com
    Source: unknown HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:36184 version: TLS 1.2

    System Summary:

    Sample tries to kill many processes (SIGKILL)
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 658, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 720, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 759, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 772, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 789, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 800, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 904, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 936, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1320, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/arm (PID: 5261) SIGKILL sent: pid: 1888, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5464) SIGKILL sent: pid: 5520, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5464) SIGKILL sent: pid: 5868, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5464) SIGKILL sent: pid: 6091, result: successful
    Source: /usr/bin/dbus-daemon (PID: 5526) SIGKILL sent: pid: 5882, result: successful
    Source: LOAD without section mappings Program segment: 0x8000
    Source: arm, type: SAMPLE Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
    Source: arm Joe Sandbox Cloud Basic: Detection: clean Score: 0
    Source: classification engine Classification label: mal84.spre.troj.evad.lin@0/52@3/0

    Data Obfuscation:

    Sample is packed with UPX
    Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

    Persistence and Installation Behavior:

    Sample reads /proc/mounts (often used for finding a writable filesystem)
    Source: /usr/bin/dbus-daemon (PID: 5361) File: /proc/5361/mounts
    Source: /usr/bin/dbus-daemon (PID: 5464) File: /proc/5464/mounts
    Source: /usr/bin/dbus-daemon (PID: 5526) File: /proc/5526/mounts
    Source: /usr/bin/gjs (PID: 6092) File: /proc/6092/mounts
    Source: /usr/bin/gnome-shell (PID: 5566) File: /proc/5566/mounts
    Source: /bin/fusermount (PID: 5471) File: /proc/5471/mounts
    Source: /bin/sh (PID: 5352) Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /tmp/arm (PID: 5261) File opened: /proc/<PID>/exe
    Source: /usr/bin/dbus-daemon (PID: 5464) File opened: /proc/<PID>/cmdline
    Source: /usr/bin/dbus-daemon (PID: 5464) File opened: /proc/5464/status
    Source: /usr/bin/dbus-daemon (PID: 5464) File opened: /proc/5464/attr/current
    Source: /usr/bin/dbus-daemon (PID: 5526) File opened: /proc/6121/cmdline
    Source: /usr/bin/whoopsie (PID: 5303) Directory: /nonexistent/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5330) Directory: /root/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5330) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5330) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/share/language-tools/language-options (PID: 5350) Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/lib/xorg/Xorg (PID: 5428) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 5872) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/bin/dash (PID: 5208) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.0ZsCqe1shq /tmp/tmp.EYKo36YtKI /tmp/tmp.yzVwFZ13h1
    Source: /usr/lib/xorg/Xorg (PID: 5418) Log file created: /var/log/Xorg.0.log

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: /usr/lib/xorg/Xorg (PID: 5418) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5468) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5527) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5536) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/gnome-shell (PID: 5566) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5455) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/pulseaudio (PID: 5879) Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /tmp/arm (PID: 5255) Queries kernel information via 'uname':
    Source: /usr/bin/whoopsie (PID: 5303) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5353) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-binary (PID: 5362) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5411) Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-x-session (PID: 5416) Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5418) Queries kernel information via 'uname':
    Source: /usr/libexec/at-spi-bus-launcher (PID: 5521) Queries kernel information via 'uname':
    Source: /usr/libexec/at-spi2-registryd (PID: 5883) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-binary (PID: 5467) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated (PID: 5468) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 5527) Queries kernel information via 'uname':
    Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 5536) Queries kernel information via 'uname':
    Source: /usr/bin/gnome-shell (PID: 5566) Queries kernel information via 'uname':
    Source: /usr/libexec/ibus-x11 (PID: 5867) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-wacom (PID: 6112) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-color (PID: 6114) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-keyboard (PID: 6115) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-smartcard (PID: 6118) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-media-keys (PID: 6121) Queries kernel information via 'uname':
    Source: /usr/libexec/gsd-power (PID: 6137) Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5455) Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5879) Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-hostnamed (PID: 6155) Queries kernel information via 'uname':
    Source: /usr/libexec/fprintd (PID: 6507) Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5418) Truncated file: /var/log/Xorg.pid-5418.log
    Source: Xorg.0.log.104.drBinary or memory string: [ 484.465] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
    Source: Xorg.0.log.104.drBinary or memory string: [ 481.926] (--) vmware(0): pbase: 0xe8000000
    Source: Xorg.0.log.104.drBinary or memory string: [ 483.044] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
    Source: Xorg.0.log.104.drBinary or memory string: [ 482.754] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
    Source: Xorg.0.log.104.drBinary or memory string: [ 482.941] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.104.drBinary or memory string: [ 492.608] (**) VirtualPS/2 VMware VMMouse: always reports core events
    Source: arm, 5255.1.0000000039dd1254.00000000e616feff.rw-.sdmp; Binary or memory string: U!/etc/qemu-binfmt/arm
    Source: arm, 5255.1.000000004a06d35e.00000000a75fc404.rw-.sdmp; Binary or memory string: /usr/bin/qemu-arm
    Source: arm, 5255.1.000000004a06d35e.00000000a75fc404.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/armSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm
    Source: arm, 5261.1.00000000e616feff.000000000c04f09f.rw-.sdmp; Binary or memory string: /usr/bin/vmtoolsd
    Source: arm, 5261.1.00000000e616feff.000000000c04f09f.rw-.sdmp; Binary or memory string: !/proc/1594/exe0!/usr/bin/vmtoolsd1P
    Source: Xorg.0.log.104.drBinary or memory string: [ 483.521] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
    Source: Xorg.0.log.104.drBinary or memory string: [ 484.092] (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
    Source: Xorg.0.log.104.drBinary or memory string: [ 482.808] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
    Source: Xorg.0.log.104.drBinary or memory string: [ 484.416] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
    Source: Xorg.0.log.104.drBinary or memory string: [ 482.617] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
    Source: Xorg.0.log.104.drBinary or memory string: [ 484.531] (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
    Source: Xorg.0.log.104.drBinary or memory string: [ 482.798] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.104.drBinary or memory string: [ 482.144] (==) vmware(0): Using HW cursor
    Source: Xorg.0.log.104.drBinary or memory string: [ 483.284] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
    Source: arm, 5255.1.0000000039dd1254.00000000e616feff.rw-.sdmp. Binary or memory string: /etc/qemu-binfmt/arm

    Language, Device and Operating System Detection:

    Reads system files that contain records of logged in users
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5330). Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match. File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match. File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Scripting 1 | Path Interception | Path Interception | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 1 | LSASS Memory | System Owner/User Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | System Information Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap |  | Carrier Billing Fraud
    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Indicator Removal on Host 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
    Replication Through Removable Media | Launchd | Rc.common | Rc.common | File Deletion 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features

    Malware Configuration

    No configs have been found

    Behavior Graph

    [Behavior graph image not reproduced. Behavior Graph ID: 518884, Sample: arm, Start date: 10/11/2021, Architecture: LINUX, Score: 84]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    arm | 18% | Virustotal |
    arm | 16% | ReversingLabs | Linux.Trojan.Mirai

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 162.213.33.108 | true | false |  | high

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://upx.sf.net | arm | false |  | high
    http://wiki.x.org | Xorg.0.log.104.dr | false |  | high
    http://www.ubuntu.com/support) | Xorg.0.log.104.dr | false |  | high
    https://ubuntu.com/blog/microk8s-memory-optimisation | motd-news.17.dr | false |  | high

              Contacted IPs


              Public


              Joe Sandbox View / Context

              IPs

    Match | Associated Sample Name / URL | Detection
    45.241.178.112 | x86 | malicious

                Domains


                ASN


                JA3 Fingerprints


                Dropped Files

                No context

                Created / dropped Files

                /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):10
                Entropy (8bit):2.9219280948873623
                Encrypted:false
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: auto_null.
                /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):18
                Entropy (8bit):3.4613201402110088
                Encrypted:false
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: auto_null.monitor.
                /proc/5317/oom_score_adj
                Process:/usr/sbin/sshd
                File Type:ASCII text
                Category:dropped
                Size (bytes):6
                Entropy (8bit):1.7924812503605778
                Encrypted:false
                Malicious:false
                Reputation:high, very likely benign file
                Preview: -1000.
                /proc/5368/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5371/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5373/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5375/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 0
                /proc/5377/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5379/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5382/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5521/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5550/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5553/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5555/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5557/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5559/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5561/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5564/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5869/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/5883/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/6092/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /proc/6429/oom_score_adj
                Process:/usr/bin/dbus-daemon
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: 0
                /run/sshd.pid
                Process:/usr/sbin/sshd
                File Type:ASCII text
                Category:dropped
                Size (bytes):5
                Entropy (8bit):2.321928094887362
                Encrypted:false
                Malicious:false
                Preview: 5317.
                /run/user/1000/pulse/pid
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):5
                Entropy (8bit):1.3709505944546687
                Encrypted:false
                Malicious:false
                Preview: 5455.
                /run/user/127/ICEauthority
                Process:/usr/libexec/gnome-session-binary
                File Type:data
                Category:dropped
                Size (bytes):1304
                Entropy (8bit):6.033101627291036
                Encrypted:false
                Malicious:false
                /run/user/127/dconf/user
                Process:/usr/libexec/gsd-power
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                Malicious:false
                Preview: .
                /run/user/127/gdm/Xauthority
                Process:/usr/lib/gdm3/gdm-x-session
                File Type:X11 Xauthority data
                Category:dropped
                Size (bytes):104
                Entropy (8bit):4.944833248737334
                Encrypted:false
                Malicious:false
                /run/user/127/pulse/pid
                Process:/usr/bin/pulseaudio
                File Type:ASCII text
                Category:dropped
                Size (bytes):5
                Entropy (8bit):2.321928094887362
                Encrypted:false
                Malicious:false
                Preview: 5879.
                /tmp/server-0.xkm
                Process:/usr/bin/xkbcomp
                File Type:Compiled XKB Keymap: lsb, version 15
                Category:dropped
                Size (bytes):12060
                Entropy (8bit):4.8492493153178975
                Encrypted:false
                Malicious:false
                /var/cache/motd-news
                Process:/usr/bin/cut
                File Type:ASCII text
                Category:dropped
                Size (bytes):191
                Entropy (8bit):4.515771857099866
                Encrypted:false
                Malicious:false
                Preview: * Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.
                /var/lib/AccountsService/users/gdm.120LC1
                Process:/usr/lib/accountsservice/accounts-daemon
                File Type:ASCII text
                Category:dropped
                Size (bytes):61
                Entropy (8bit):4.66214589518167
                Encrypted:false
                Malicious:false
                Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                /var/lib/AccountsService/users/gdm.NWB7B1
                Process:/usr/lib/accountsservice/accounts-daemon
                File Type:ASCII text
                Category:dropped
                Size (bytes):61
                Entropy (8bit):4.66214589518167
                Encrypted:false
                Malicious:false
                Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
                Process:/usr/bin/ibus-daemon
                File Type:ASCII text
                Category:dropped
                Size (bytes):381
                Entropy (8bit):5.140478984778867
                Encrypted:false
                Malicious:false
                Preview: # This file is created by ibus-daemon, please do not modify it..# This file allows processes on the machine to find the.# ibus session bus with the below address..# If the IBUS_ADDRESS environment variable is set, it will.# be used rather than this file..IBUS_ADDRESS=unix:abstract=/var/lib/gdm3/.cache/ibus/dbus-OoBJDqbO,guid=dd5c0481c44edb80fea755d6618b4095.IBUS_DAEMON_PID=5623.
                /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                Process:/usr/bin/pulseaudio
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:v:v
                MD5:68B329DA9893E34099C7D8AD5CB9C940
                SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                Malicious:false
                Preview: .
                /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                Process:/usr/bin/pulseaudio
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:v:v
                MD5:68B329DA9893E34099C7D8AD5CB9C940
                SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                Malicious:false
                Preview: .
                /var/lib/whoopsie/whoopsie-id.SM0OC1
                Process:/usr/bin/whoopsie
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):128
                Entropy (8bit):3.9410969045919657
                Encrypted:false
                SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
                MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
                SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
                SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
                SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
                Malicious:false
                Preview: 9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
                /var/log/Xorg.0.log
                Process:/usr/lib/xorg/Xorg
                File Type:ASCII text
                Category:dropped
                Size (bytes):41347
                Entropy (8bit):5.287418776373432
                Encrypted:false
                SSDEEP:384:HjqbYzyKRlBMadudadcdKdNdldXd8dzdXd0dBdbd4dwdydIdCdWdkdy0dGzdjEdR:Dq0tRk4m5BGgLnFoGcRaH
                MD5:6993108A019300B64B5837773E45A742
                SHA1:7774BE47351C1D88FE54631D1695C2E72D0DF8F3
                SHA-256:A6CDA3A16B803ABD014FBF49D98841A62F79BFD5B5DA020F36A13D4B099FAE2F
                SHA-512:BC66B25A951754697482E3CF79E62A29DC4DB490B9D7418AAA90E4CB5FEACB973B57B34B96F1EEFA8B4B9CA2680B80549BC26E7B6B269CAA2E2126E136CE5AF4
                Malicious:false
                Preview: [ 478.406] (--) Log file renamed from "/var/log/Xorg.pid-5418.log" to "/var/log/Xorg.0.log".[ 478.428] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 478.438] Build Operating System: linux Ubuntu.[ 478.443] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 478.449] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 478.465] Build Date: 06 July 2021 10:17:51AM.[ 478.470] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 478.475] Current version of pixman: 0.38.4.[ 478.480] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 478.485] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

                Static File Info

                General

                File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                Entropy (8bit):7.964798540868149
                TrID:
                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name:arm
                File size:38460
                MD5:b31e3180a6bf96af79f2b181a494d87f
                SHA1:ff8adee220db2416071830ff02f8ea64e13bd4ef
                SHA256:f693c8fe32d094d0b6ae8f4d68d8f98789d8c57e997b1f4ba0163587d150f27e
                SHA512:2b1c12729b8a8b4deaa48c50db87d044e377a77b8c32105cfcda6c5017e7c44f14cdb2c500a7ad6d2be50c64ddb6df30a09c5c3f07a5d573277aa9e7266c145c
                SSDEEP:768:NFFDuUbk6s2BrnLDwzmS7ps5k/oNLHPuv9JduU7psUcxDqs3Uozwk+:LZJQ6s25Lc6S7e5kOD+9JkU7pFcdza
                File Content Preview:.ELF...a..........(.........4...........4. ...(.....................G...G................(..........................Q.td................................UPX!.........E...E......R..........?.E.h;.}...^..........e.&.3n....._.@..J.... ....z.G.q......bZP.F.~io

                Static ELF Info

                ELF header

                Class:ELF32
                Data:2's complement, little endian
                Version:1 (current)
                Machine:ARM
                Version Number:0x1
                Type:EXEC (Executable file)
                OS/ABI:ARM - ABI
                ABI Version:0
                Entry Point Address:0x10398
                Flags:0x202
                ELF Header Size:52
                Program Header Offset:52
                Program Header Size:32
                Number of Program Headers:3
                Section Header Offset:0
                Section Header Size:40
                Number of Section Headers:0
                Header String Table Index:0

                Program Segments

                Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
                LOAD       0x0     0x8000           0x8000            0x9547     0x9547       4.0247   0x5    R E                0x8000
                LOAD       0x28ac  0x2a8ac          0x2a8ac           0x0        0x0          0.0000   0x6    RW                 0x8000
                GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4

                Network Behavior

                Network Port Distribution

                TCP Packets


                DNS Queries

                Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name              Type            Class
                Nov 10, 2021 03:45:24.916140079 CET  192.168.2.23  1.1.1.1  0xf59     Standard query (0)  daisy.ubuntu.com  A (IP address)  IN (0x0001)
                Nov 10, 2021 03:45:24.916378021 CET  192.168.2.23  1.1.1.1  0xf7e5    Standard query (0)  daisy.ubuntu.com  28              IN (0x0001)
                Nov 10, 2021 03:45:25.033551931 CET  192.168.2.23  1.1.1.1  0xdb75    Standard query (0)  daisy.ubuntu.com  28              IN (0x0001)

                DNS Answers

                Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name              CName  Address         Type            Class
                Nov 10, 2021 03:45:24.943732977 CET  1.1.1.1    192.168.2.23  0xf59     No error (0)  daisy.ubuntu.com         162.213.33.108  A (IP address)  IN (0x0001)
                Nov 10, 2021 03:45:24.943732977 CET  1.1.1.1    192.168.2.23  0xf59     No error (0)  daisy.ubuntu.com         162.213.33.132  A (IP address)  IN (0x0001)

                System Behavior

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/cat
                Arguments:cat /tmp/tmp.0ZsCqe1shq
                File size:43416 bytes
                MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/head
                Arguments:head -n 10
                File size:47480 bytes
                MD5 hash:fd96a67145172477dd57131396fc9608

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/tr
                Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                File size:51544 bytes
                MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/cut
                Arguments:cut -c -80
                File size:47480 bytes
                MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/cat
                Arguments:cat /tmp/tmp.0ZsCqe1shq
                File size:43416 bytes
                MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/head
                Arguments:head -n 10
                File size:47480 bytes
                MD5 hash:fd96a67145172477dd57131396fc9608

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/tr
                Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                File size:51544 bytes
                MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/cut
                Arguments:cut -c -80
                File size:47480 bytes
                MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/dash
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:44:32
                Start date:10/11/2021
                Path:/usr/bin/rm
                Arguments:rm -f /tmp/tmp.0ZsCqe1shq /tmp/tmp.EYKo36YtKI /tmp/tmp.yzVwFZ13h1
                File size:72056 bytes
                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                General

                Start time:03:44:41
                Start date:10/11/2021
                Path:/tmp/arm
                Arguments:/tmp/arm
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                General

                Start time:03:44:42
                Start date:10/11/2021
                Path:/tmp/arm
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                General

                Start time:03:44:42
                Start date:10/11/2021
                Path:/tmp/arm
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                General

                Start time:03:44:42
                Start date:10/11/2021
                Path:/tmp/arm
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                General

                Start time:03:44:42
                Start date:10/11/2021
                Path:/tmp/arm
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                General

                Start time:03:44:42
                Start date:10/11/2021
                Path:/tmp/arm
                Arguments:n/a
                File size:4956856 bytes
                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                General

                Start time:03:45:24
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:45:24
                Start date:10/11/2021
                Path:/usr/bin/whoopsie
                Arguments:/usr/bin/whoopsie -f
                File size:68592 bytes
                MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

                General

                Start time:03:45:28
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:45:28
                Start date:10/11/2021
                Path:/usr/sbin/sshd
                Arguments:/usr/sbin/sshd -t
                File size:876328 bytes
                MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                General

                Start time:03:45:28
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:45:28
                Start date:10/11/2021
                Path:/usr/sbin/sshd
                Arguments:/usr/sbin/sshd -D
                File size:876328 bytes
                MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/lib/accountsservice/accounts-daemon
                Arguments:/usr/lib/accountsservice/accounts-daemon
                File size:203192 bytes
                MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/lib/accountsservice/accounts-daemon
                Arguments:n/a
                File size:203192 bytes
                MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/share/language-tools/language-validate
                Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/share/language-tools/language-validate
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:35
                Start date:10/11/2021
                Path:/usr/share/language-tools/language-options
                Arguments:/usr/share/language-tools/language-options
                File size:3478464 bytes
                MD5 hash:16a21f464119ea7fad1d3660de963637

                General

                Start time:03:45:36
                Start date:10/11/2021
                Path:/usr/share/language-tools/language-options
                Arguments:n/a
                File size:3478464 bytes
                MD5 hash:16a21f464119ea7fad1d3660de963637

                General

                Start time:03:45:36
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:sh -c "locale -a | grep -F .utf8 "
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:36
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:36
                Start date:10/11/2021
                Path:/usr/bin/locale
                Arguments:locale -a
                File size:58944 bytes
                MD5 hash:c72a78792469db86d91369c9057f20d2

                General

                Start time:03:45:36
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:36
                Start date:10/11/2021
                Path:/usr/bin/grep
                Arguments:grep -F .utf8
                File size:199136 bytes
                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                General

                Start time:03:45:37
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:37
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:n/a
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-wayland-session
                Arguments:/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                File size:76368 bytes
                MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-wayland-session
                Arguments:n/a
                File size:76368 bytes
                MD5 hash:d3def63cf1e83f7fb8a0f13b1744ff7c

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:dbus-daemon --nofork --print-address 4 --session
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:40
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:40
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:40
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:45:41
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/bin/gnome-session
                Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:39
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:45:42
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:45:42
                Start date:10/11/2021
                Path:/usr/bin/session-migration
                Arguments:session-migration
                File size:22680 bytes
                MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

                General

                Start time:03:45:43
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:45:43
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:43
                Start date:10/11/2021
                Path:/usr/bin/gnome-shell
                Arguments:/usr/bin/gnome-shell
                File size:23168 bytes
                MD5 hash:da7a257239677622fe4b3a65972c9e87

                General

                Start time:03:45:47
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:47
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                General

                Start time:03:45:48
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-session-worker
                Arguments:n/a
                File size:293360 bytes
                MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                General

                Start time:03:45:48
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                General

                Start time:03:45:48
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:n/a
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                General

                Start time:03:45:48
                Start date:10/11/2021
                Path:/usr/bin/Xorg
                Arguments:/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:48
                Start date:10/11/2021
                Path:/usr/lib/xorg/Xorg.wrap
                Arguments:/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                File size:14488 bytes
                MD5 hash:48993830888200ecf19dd7def0884dfd

                General

                Start time:03:45:48
                Start date:10/11/2021
                Path:/usr/lib/xorg/Xorg
                Arguments:/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                File size:2448840 bytes
                MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                General

                Start time:03:45:57
                Start date:10/11/2021
                Path:/usr/lib/xorg/Xorg
                Arguments:n/a
                File size:2448840 bytes
                MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                General

                Start time:03:45:57
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:57
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:57
                Start date:10/11/2021
                Path:/usr/bin/xkbcomp
                Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                File size:217184 bytes
                MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                General

                Start time:03:46:30
                Start date:10/11/2021
                Path:/usr/lib/xorg/Xorg
                Arguments:n/a
                File size:2448840 bytes
                MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                General

                Start time:03:46:30
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:30
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:n/a
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:30
                Start date:10/11/2021
                Path:/usr/bin/xkbcomp
                Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                File size:217184 bytes
                MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                General

                Start time:03:46:04
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:n/a
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                General

                Start time:03:46:04
                Start date:10/11/2021
                Path:/etc/gdm3/Prime/Default
                Arguments:/etc/gdm3/Prime/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:04
                Start date:10/11/2021
                Path:/usr/lib/gdm3/gdm-x-session
                Arguments:n/a
                File size:96944 bytes
                MD5 hash:498a824333f1c1ec7767f4612d1887cc

                General

                Start time:03:46:04
                Start date:10/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                General

                Start time:03:46:04
                Start date:10/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                General

                Start time:03:46:04
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:dbus-daemon --nofork --print-address 4 --session
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/libexec/at-spi-bus-launcher
                Arguments:/usr/libexec/at-spi-bus-launcher
                File size:27008 bytes
                MD5 hash:1563f274acd4e7ba530a55bdc4c95682

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/libexec/at-spi-bus-launcher
                Arguments:n/a
                File size:27008 bytes
                MD5 hash:1563f274acd4e7ba530a55bdc4c95682

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:32
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:32
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:32
                Start date:10/11/2021
                Path:/usr/libexec/at-spi2-registryd
                Arguments:/usr/libexec/at-spi2-registryd --use-gnome-session
                File size:100224 bytes
                MD5 hash:1d904c2693452edebc7ede3a9e24d440

                General

                Start time:03:46:15
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:15
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:15
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:15
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:15
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:15
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:16
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:17
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/libexec/ibus-portal
                Arguments:/usr/libexec/ibus-portal
                File size:92536 bytes
                MD5 hash:562ad55bd9a4d54bd7b76746b01e37d3

                General

                Start time:03:46:34
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:34
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:34
                Start date:10/11/2021
                Path:/usr/bin/gjs
                Arguments:/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
                File size:23128 bytes
                MD5 hash:5f3eceb792bb65c22f23d1efb4fde3ad

                General

                Start time:03:46:47
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:47
                Start date:10/11/2021
                Path:/usr/bin/dbus-daemon
                Arguments:n/a
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                General

                Start time:03:46:47
                Start date:10/11/2021
                Path:/bin/false
                Arguments:/bin/false
                File size:39256 bytes
                MD5 hash:3177546c74e4f0062909eae43d948bfc

                General

                Start time:03:46:05
                Start date:10/11/2021
                Path:/usr/bin/dbus-run-session
                Arguments:n/a
                File size:14480 bytes
                MD5 hash:245f3ef6a268850b33b0225a8753b7f4

                General

                Start time:03:46:05
                Start date:10/11/2021
                Path:/usr/bin/gnome-session
                Arguments:gnome-session --autostart /usr/share/gdm/greeter/autostart
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:05
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:05
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:05
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated
                Arguments:/usr/libexec/gnome-session-check-accelerated
                File size:18752 bytes
                MD5 hash:a64839518af85b2b9de31aca27646396

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated
                Arguments:n/a
                File size:18752 bytes
                MD5 hash:a64839518af85b2b9de31aca27646396

                General

                Start time:03:46:13
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated-gl-helper
                Arguments:/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
                File size:22920 bytes
                MD5 hash:b1ab9a384f9e98a39ae5c36037dd5e78

                General

                Start time:03:46:14
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated
                Arguments:n/a
                File size:18752 bytes
                MD5 hash:a64839518af85b2b9de31aca27646396

                General

                Start time:03:46:14
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-check-accelerated-gles-helper
                Arguments:/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
                File size:14728 bytes
                MD5 hash:1bd78885765a18e60c05ed1fb5fa3bf8

                General

                Start time:03:46:17
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:17
                Start date:10/11/2021
                Path:/usr/bin/session-migration
                Arguments:session-migration
                File size:22680 bytes
                MD5 hash:5227af42ebf14ac2fe2acddb002f68dc

                General

                Start time:03:46:17
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:17
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:17
                Start date:10/11/2021
                Path:/usr/bin/gnome-shell
                Arguments:/usr/bin/gnome-shell
                File size:23168 bytes
                MD5 hash:da7a257239677622fe4b3a65972c9e87

                General

                Start time:03:46:28
                Start date:10/11/2021
                Path:/usr/bin/gnome-shell
                Arguments:n/a
                File size:23168 bytes
                MD5 hash:da7a257239677622fe4b3a65972c9e87

                General

                Start time:03:46:28
                Start date:10/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:ibus-daemon --panel disable --xim
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/libexec/ibus-memconf
                Arguments:/usr/libexec/ibus-memconf
                File size:22904 bytes
                MD5 hash:523e939905910d06598e66385761a822

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                General

                Start time:03:46:29
                Start date:10/11/2021
                Path:/usr/libexec/ibus-x11
                Arguments:/usr/libexec/ibus-x11 --kill-daemon
                File size:100352 bytes
                MD5 hash:2aa1e54666191243814c2733d6992dbd

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/usr/bin/ibus-daemon
                Arguments:n/a
                File size:199088 bytes
                MD5 hash:1e00fb9860b198c73f6e364e3ff16f31

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/usr/libexec/ibus-engine-simple
                Arguments:/usr/libexec/ibus-engine-simple
                File size:14712 bytes
                MD5 hash:0238866d5e8802a0ce1b1b9af8cb1376

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gsd-sharing
                Arguments:/usr/libexec/gsd-sharing
                File size:35424 bytes
                MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gsd-wacom
                Arguments:/usr/libexec/gsd-wacom
                File size:39520 bytes
                MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gsd-color
                Arguments:/usr/libexec/gsd-color
                File size:92832 bytes
                MD5 hash:ac2861ad93ce047283e8e87cefef9a19

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:37
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/usr/libexec/gsd-keyboard
                Arguments:/usr/libexec/gsd-keyboard
                File size:39760 bytes
                MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/usr/libexec/gsd-print-notifications
                Arguments:/usr/libexec/gsd-print-notifications
                File size:51840 bytes
                MD5 hash:71539698aa691718cee775d6b9450ae2

                General

                Start time:03:46:45
                Start date:10/11/2021
                Path:/usr/libexec/gsd-print-notifications
                Arguments:n/a
                File size:51840 bytes
                MD5 hash:71539698aa691718cee775d6b9450ae2

                General

                Start time:03:46:45
                Start date:10/11/2021
                Path:/usr/libexec/gsd-print-notifications
                Arguments:n/a
                File size:51840 bytes
                MD5 hash:71539698aa691718cee775d6b9450ae2

                General

                Start time:03:46:46
                Start date:10/11/2021
                Path:/usr/libexec/gsd-printer
                Arguments:/usr/libexec/gsd-printer
                File size:31120 bytes
                MD5 hash:7995828cf98c315fd55f2ffb3b22384d

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/usr/libexec/gsd-rfkill
                Arguments:/usr/libexec/gsd-rfkill
                File size:51808 bytes
                MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                General

                Start time:03:46:38
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/usr/libexec/gsd-smartcard
                Arguments:/usr/libexec/gsd-smartcard
                File size:109152 bytes
                MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/usr/libexec/gsd-datetime
                Arguments:/usr/libexec/gsd-datetime
                File size:76736 bytes
                MD5 hash:d80d39745740de37d6634d36e344d4bc

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:39
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:40
                Start date:10/11/2021
                Path:/usr/libexec/gsd-media-keys
                Arguments:/usr/libexec/gsd-media-keys
                File size:232936 bytes
                MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

                General

                Start time:03:46:40
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:40
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/usr/libexec/gsd-screensaver-proxy
                Arguments:/usr/libexec/gsd-screensaver-proxy
                File size:27232 bytes
                MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                General

                Start time:03:46:40
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/usr/libexec/gsd-sound
                Arguments:/usr/libexec/gsd-sound
                File size:31248 bytes
                MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:42
                Start date:10/11/2021
                Path:/usr/libexec/gsd-a11y-settings
                Arguments:/usr/libexec/gsd-a11y-settings
                File size:23056 bytes
                MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

                General

                Start time:03:46:41
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:42
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:42
                Start date:10/11/2021
                Path:/usr/libexec/gsd-housekeeping
                Arguments:/usr/libexec/gsd-housekeeping
                File size:51840 bytes
                MD5 hash:b55f3394a84976ddb92a2915e5d76914

                General

                Start time:03:46:42
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:46:42
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:46:43
                Start date:10/11/2021
                Path:/usr/libexec/gsd-power
                Arguments:/usr/libexec/gsd-power
                File size:88672 bytes
                MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

                General

                Start time:03:47:07
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:47:07
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:47:07
                Start date:10/11/2021
                Path:/usr/bin/spice-vdagent
                Arguments:/usr/bin/spice-vdagent
                File size:80664 bytes
                MD5 hash:80fb7f613aa78d1b8a229dbcf4577a9d

                General

                Start time:03:47:08
                Start date:10/11/2021
                Path:/usr/libexec/gnome-session-binary
                Arguments:n/a
                File size:334664 bytes
                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                General

                Start time:03:47:08
                Start date:10/11/2021
                Path:/bin/sh
                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:47:09
                Start date:10/11/2021
                Path:/usr/bin/xbrlapi
                Arguments:xbrlapi -q
                File size:166384 bytes
                MD5 hash:0cfe25df39d38af32d6265ed947ca5b9

                General

                Start time:03:45:47
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:47
                Start date:10/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:47
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:47
                Start date:10/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:54
                Start date:10/11/2021
                Path:/usr/sbin/gdm3
                Arguments:n/a
                File size:453296 bytes
                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                General

                Start time:03:45:54
                Start date:10/11/2021
                Path:/etc/gdm3/PrimeOff/Default
                Arguments:/etc/gdm3/PrimeOff/Default
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                General

                Start time:03:45:58
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:45:58
                Start date:10/11/2021
                Path:/usr/bin/pulseaudio
                Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                File size:100832 bytes
                MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                General

                Start time:03:46:08
                Start date:10/11/2021
                Path:/usr/libexec/gvfsd-fuse
                Arguments:n/a
                File size:47632 bytes
                MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                General

                Start time:03:46:08
                Start date:10/11/2021
                Path:/bin/fusermount
                Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                File size:39144 bytes
                MD5 hash:576a1b135c82bdcbc97a91acea900566

                General

                Start time:03:46:09
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:46:09
                Start date:10/11/2021
                Path:/lib/systemd/systemd-user-runtime-dir
                Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                File size:22672 bytes
                MD5 hash:d55f4b0847f88131dbcfb07435178e54

                General

                Start time:03:46:28
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:46:28
                Start date:10/11/2021
                Path:/lib/systemd/systemd-localed
                Arguments:/lib/systemd/systemd-localed
                File size:43232 bytes
                MD5 hash:1244af9646256d49594f2a8203329aa9

                General

                Start time:03:46:32
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:46:32
                Start date:10/11/2021
                Path:/usr/bin/pulseaudio
                Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                File size:100832 bytes
                MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                General

                Start time:03:46:33
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:46:33
                Start date:10/11/2021
                Path:/usr/libexec/geoclue
                Arguments:/usr/libexec/geoclue
                File size:301544 bytes
                MD5 hash:30ac5455f3c598dde91dc87477fb19f7

                General

                Start time:03:46:46
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:46:46
                Start date:10/11/2021
                Path:/lib/systemd/systemd-hostnamed
                Arguments:/lib/systemd/systemd-hostnamed
                File size:35040 bytes
                MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                General

                Start time:03:47:01
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:47:01
                Start date:10/11/2021
                Path:/usr/libexec/fprintd
                Arguments:/usr/libexec/fprintd
                File size:125312 bytes
                MD5 hash:b0d8829f05cd028529b84b061b660e84

                General

                Start time:03:47:03
                Start date:10/11/2021
                Path:/usr/lib/systemd/systemd
                Arguments:n/a
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                General

                Start time:03:47:03
                Start date:10/11/2021
                Path:/lib/systemd/systemd-localed
                Arguments:/lib/systemd/systemd-localed
                File size:43232 bytes
                MD5 hash:1244af9646256d49594f2a8203329aa9